PT-2024-13009 · Kiloview · P1/P2 +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to execute commands without authentication, potentially...
CVE-2024-37146
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...
CVE-2024-3727 affecting package skopeo for versions less than 1.14.2-4
CVE-2024-3727 affecting package skopeo for versions less than 1.14.2-4. A patched version of the package is available...
CVE-2023-45287 affecting package golang for versions less than 1.20.0-1
CVE-2023-45287 affecting package golang for versions less than 1.20.0-1. A patched version of the package is available...
DEBIAN-CVE-2024-6063
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally...
PT-2024-37358 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problem was found in the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The issue leads to use after free. Local access is required to...
CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...
PT-2024-26435 · Libyaml · Libyaml
Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue affects the function yaml_parser_parse of the file /src/libyaml/src/parser.c, making libyaml vulnerable to Denial of Service (DDOS) attacks. Recommendations: As a temporary workaround, consider...
CVE-2023-45288 affecting package helm for versions less than 3.14.2-2
CVE-2023-45288 affecting package helm for versions less than 3.14.2-2. A patched version of the package is available...
CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5
CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...
CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3
CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3. A patched version of the package is available...
CVE-2023-45288 affecting package packer for versions less than 1.10.1-2
CVE-2023-45288 affecting package packer for versions less than 1.10.1-2. A patched version of the package is available...
CVE-2023-2253 affecting package moby-compose for versions less than 2.17.3-5
CVE-2023-2253 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...
PT-2024-37214 · Irfanview · Irfanview
Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...
PT-2024-4747
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a logic error in the code, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for...
PT-2024-4394 · Ruijie · Ruijie Rg-Uac
Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical issue has been found in the function get ip addr details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be...
UBUNTU-CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are...
CGA-VQ89-RJ8F-JH8J
Bulletin has no description...
PT-2024-3954 · Fortinet · Fortiwebmanager
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0 Description: The issue is related to an improper authorization in the HTTP Request Handler component of Fortinet FortiWebManager, which can be...