Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the drm/amd module to properly handle bad data provided by the BIOS when processing the ATIF AC...
CVE-2024-51127
An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information...
Node.js: Improper error handling in async cryptographic operations crashes process
The C++ method SignTraits::DeriveBits incorrectly called ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process...
New Teams Deployment Guidance for App Layering (AL) or User Personalization Layer (UPL)
Microsoft Teams 2.x has changed its installation method and now installs under C:\Program Files\WindowsApps. Based on those changes, this article provides the specific steps for the deployment of Teams 2.x in an App Layering (AL) or User Personalization Layer (UPL) environment. For the most current...
CVE-2024-9989 Crypto <= 2.18 - Authentication Bypass via log_in
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...
Langchain Path Traversal vulnerability
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-6673
A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...
PYSEC-2024-111
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-6673
CVE-2024-6673 describes a CSRF vulnerability in the Parisneo LoLLMS WebUI. The issue exists in the install_comfyui endpoint of the lollms_comfyui.py file and is triggered via a GET request without client authentication, allowing an attacker to coerce a user into installing ComfyUI. Affected versi...
CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...
CVE-2024-7774 Path Traversal in langchain-ai/langchainjs
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
PT-2024-16150 · Red Hat · Keycloak-Services
Name of the Vulnerable Software and Affected Versions: Keycloak-services (affected versions not specified); Red Hat products (affected versions not specified). Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper filtering in the selectfiles method in the \controller\sys\Attachh.php file. An attacker can inject malicious scripts by passing unfiltered parameters and values into the param parameter. Details...
GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...
Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...
CVE-2024-48239
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS)...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
GHSA-2MV8-JJM5-F3HR SQL injection in funadmin
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...