11652 matches found

CNNVD
added 2024/11/05 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the drm/amd module to properly handle bad data provided by the BIOS when processing the ATIF AC...

CVSS 5.5 · AI score 6.7 · EPSS 0.00245
Exploits 0 · References 6
NVD
added 2024/11/04 6:15 p.m. · 12 views

CVE-2024-51127

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information...

CVSS 9.1 · EPSS 0.00699
Exploits 1 · References 2
Hacker One
added 2024/11/02 2:1 p.m. · 12 views

Node.js: Improper error handling in async cryptographic operations crashes process

The C++ method SignTraits::DeriveBits incorrectly called ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process...

CVSS 7.5 · AI score 7.1 · EPSS 0.00763
Exploits 0
Citrix
added 2024/11/02 12:0 a.m. · 10 views

New Teams Deployment Guidance for App Layering or User Personalization Layer (UPL)

Microsoft Teams 2.x has changed its installation method and now installs under C:\Program Files\WindowsApps. Based on those changes, this article provides the specific steps for deploying Teams 2.x in an App Layering (AL) or User Personalization Layer (UPL) environment. For the most current...

AI score 7.1
Exploits 0
Cvelist
added 2024/10/29 4:31 p.m. · 307 views

CVE-2024-9989 Crypto <= 2.18 - Authentication Bypass via log_in

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...

CVSS 9.8 · EPSS 0.07217
Exploits 0 · References 4
Github Security Blog
added 2024/10/29 3:32 p.m. · 34 views

Langchain Path Traversal vulnerability

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

CVSS 9.1 · AI score 6.9 · EPSS 0.00545
Exploits 1 · References 5 · Affected Software 1
OSV
added 2024/10/29 1:15 p.m. · 15 views

CVE-2024-6673

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 2
NVD
added 2024/10/29 1:15 p.m. · 24 views

CVE-2024-6673

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

CVSS 6.5 · EPSS 0.00167
Exploits 1 · References 2
PyPA
added 2024/10/29 1:15 p.m. · 6 views

PYSEC-2024-111

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

CVSS 9.1 · AI score 6.8 · EPSS 0.00545
Exploits 1 · References 3 · Affected Software 1
CVE
added 2024/10/29 12:50 p.m. · 51 views

CVE-2024-6673

CVE-2024-6673 describes a CSRF vulnerability in the Parisneo LoLLMS WebUI. The issue exists in the install_comfyui endpoint of the lollms_comfyui.py file and is triggered via a GET request without client authentication, allowing an attacker to coerce a user into installing ComfyUI. Affected versi...

CVSS 6.5 · AI score 5 · EPSS 0.00167
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/10/29 12:50 p.m. · 14 views

CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

CVSS 4.4 · AI score 7.2 · EPSS 0.00167
Exploits 1 · References 2
Cvelist
added 2024/10/29 12:49 p.m. · 33 views

CVE-2024-7774 Path Traversal in langchain-ai/langchainjs

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

CVSS 6.5 · EPSS 0.00545
Exploits 1 · References 2
Positive Technologies
added 2024/10/29 12:0 a.m. · 5 views

PT-2024-16150 · Red Hat · Keycloak-Services

Name of the Vulnerable Software and Affected Versions: Keycloak-services (affected versions not specified); Red Hat products (affected versions not specified). Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could...

CVSS 7.1 · AI score 4.4 · EPSS 0.01264
Exploits 0 · References 31
Snyk
added 2024/10/26 12:32 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper filtering in the selectfiles method in the \controller\sys\Attachh.php file. An attacker can inject malicious scripts by passing unfiltered parameters and values into the param parameter. Details...

CVSS 6.1 · AI score 5.3 · EPSS 0.00268
Exploits 1 · References 2
OSV
added 2024/10/26 12:32 a.m. · 7 views

GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...

CVSS 6.1 · AI score 6.1 · EPSS 0.00268
Exploits 1 · References 3
Github Security Blog
added 2024/10/26 12:32 a.m. · 15 views

Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...

CVSS 6.1 · AI score 6.5 · EPSS 0.00268
Exploits 1 · References 3 · Affected Software 1
OSV
added 2024/10/25 10:15 p.m. · 3 views

CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS)...

CVSS 4.8 · AI score 5.8 · EPSS 0.00229
Exploits 1 · References 1
NVD
added 2024/10/25 10:15 p.m. · 17 views

CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS)...

CVSS 4.8 · EPSS 0.00229
Exploits 1 · References 1
OSV
added 2024/10/25 10:15 p.m. · 5 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...

CVSS 4.7 · AI score 5.8 · EPSS 0.00278
Exploits 1 · References 1
OSV
added 2024/10/25 9:31 p.m. · 12 views

GHSA-2MV8-JJM5-F3HR SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

CVSS 9.8 · AI score 7.3 · EPSS 0.00472
Exploits 1 · References 3