26 matches found
CVE-2026-45397
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...
SUSE CVE-2025-29943
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
DEBIAN-CVE-2025-29943
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
CVE-2025-29943
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
CVE-2025-29943
CVE-2025-29943 : AMD CPUs (Zen 1–Zen 5; EPYC) contain a hardware/microarchitectural issue where an admin-privileged host can manipulate the CPU pipeline configuration, potentially corrupting the stack pointer inside a SEV-SNP guest. A PoC titled “StackWarp” demonstrates exploitation by a hypervis...
CVE-2025-29943
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
CVE-2025-29943
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
CVE-2025-29943
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...
AMD CPU security vulnerabilities
AMD CPUs are a series of CPUs produced by Advanced Microelectronics Devices, Inc. AMD. There are security vulnerabilities in AMD CPUs, which stem from write-condition issues. These vulnerabilities could allow administrators with privileges to modify the CPU’s pipeline configuration, thereby...
EUVD-2022-2520
Malicious code in bioql PyPI...
CVE-2023-28629
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...
Cross site scripting
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...
CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...
CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...
CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...
PT-2023-21860 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 23.1.0 Description: The issue is a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An...
plugin: Mercurial SCM plugin can check out from the controller file system
A flaw was found in the Jenkins plugin. Affected versions of the Jenkins Mercurial Plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system. This is accomplished by using local paths as SCM URLs, obtaining limited...
CVE-2022-29184 Command Injection/Argument Injection in GoCD
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
CVE-2022-29184 Command Injection/Argument Injection in GoCD
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
CVE-2022-30948
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...