28 matches found

CNNVD (added 2026/04/17 12:00 a.m., 5 views)

Firebird security vulnerability

Firebird is an open-source, cross-platform relational database management system provided by the Firebird Foundation, offering multiple ANSI SQL-92 features. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the external engine...

CVSS 9.9 | AI score 5.9 | EPSS 0.00148 | Exploits 1 | References 1
Github Security Blog (added 2026/02/18 9:45 p.m., 4 views)

Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde

Impact: This is a remote code execution (RCE) vulnerability. Node.js automatically imports *.plugin.js/.mjs files, including those from node_modules, so any malicious package with a .plugin.js file could execute arbitrary code when installed or required. All projects using this loading behavior are...

CVSS 9.8 | AI score 6.5 | EPSS 0.00034 | Exploits 0 | References 5 | Affected software 1
Positive Technologies (added 2026/02/18 12:00 a.m., 2 views)

PT-2026-20786

Name of the Vulnerable Software and Affected Versions: Slyde versions 0.0.4 and below. Description: Slyde is a program used to create animated presentations from XML. A remote code execution issue exists because Node.js automatically imports *.plugin.js/.mjs files, including those from node_modules...

CVSS 9.8 | AI score 6.8 | EPSS 0.00034 | Exploits 0 | References 12
EUVD (added 2025/10/03 8:07 p.m., 2 views)

EUVD-2025-26625

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.5 | EPSS 0.00258 | Exploits 3 | References 2
Tenable Nessus (added 2025/09/10 12:00 a.m., 1 view)

Linux Distros Unpatched Vulnerability : CVE-2024-37149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An...

CVSS 8.8 | AI score 5.7 | EPSS 0.08328 | Exploits 0 | References 2
RedhatCVE (added 2025/09/05 12:34 a.m., 4 views)

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

CVSS 8.4 | AI score 7.7 | EPSS 0.00258 | Exploits 3 | References 1
OSV (added 2025/09/03 6:15 p.m., 3 views)

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

CVSS 8.4 | AI score 6.1 | EPSS 0.00258 | Exploits 3 | References 2
Vulnrichment (added 2025/09/03 12:00 a.m., 0 views)

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

AI score 7.2 | EPSS 0.00258 | Exploits 3 | References 2
CNNVD (added 2025/09/03 12:00 a.m., 2 views)

Figma Desktop security vulnerability

Figma Desktop is a vector graphics editor and prototyping tool from Figma. A security vulnerability exists in Figma Desktop version 125.6.5, which stems from a command injection vulnerability in the local plugin loader that could lead to remote code execution...

CVSS 8.4 | AI score 8 | EPSS 0.00258 | Exploits 3 | References 3
Positive Technologies (added 2025/09/03 12:00 a.m., 3 views)

PT-2025-35802

Name of the Vulnerable Software and Affected Versions: Figma Desktop version 125.6.5. Description: Figma Desktop for Windows version 125.6.5 contains a command injection issue in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin'...

CVSS 8.4 | AI score 8.2 | EPSS 0.00258 | Exploits 3 | References 7
RedhatCVE (added 2025/05/23 8:44 a.m., 1 view)

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML...

CVSS 9.8 | AI score 7.8 | EPSS 0.00243 | Exploits 0 | References 1
RedhatCVE (added 2025/02/05 12:36 a.m., 7 views)

CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 8.8 | AI score 7 | EPSS 0.08328 | Exploits 0 | References 1
NVD (added 2024/07/10 8:15 p.m., 15 views)

CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 8.8 | EPSS 0.08328 | Exploits 0 | References 1
OSV (added 2024/07/10 8:15 p.m., 0 views)

UBUNTU-CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 8.8 | AI score 5.9 | EPSS 0.08328 | Exploits 0 | References 3
OSV (added 2024/07/10 7:20 p.m., 16 views)

CVE-2024-37149 GLPI allows remote code execution through the plugin loader

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 7.2 | AI score 8.4 | EPSS 0.08328 | Exploits 0 | References 3
Vulnrichment (added 2024/07/10 7:20 p.m., 16 views)

CVE-2024-37149 GLPI allows remote code execution through the plugin loader

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 7.2 | AI score 7.1 | EPSS 0.08328 | Exploits 0 | References 1
Cvelist (added 2024/07/10 7:20 p.m., 21 views)

CVE-2024-37149 GLPI allows remote code execution through the plugin loader

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 7.2 | EPSS 0.08328 | Exploits 0 | References 1
CNNVD (added 2024/07/10 12:00 a.m., 1 view)

GLPI Security Vulnerabilities

GLPI is open-source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

CVSS 8.8 | AI score 7 | EPSS 0.08328 | Exploits 0 | References 3
Positive Technologies (added 2024/07/10 12:00 a.m., 2 views)

PT-2024-5859 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16. Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, license tracking, and software auditing. An...

CVSS 8.8 | AI score 6.1 | EPSS 0.13049 | Exploits 1 | References 25
FreeBSD (added 2024/06/03 12:00 a.m., 25 views)

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.16 Changelog
SECURITY - high: Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)
SECURITY - high: Remote code execution through the plugin loader (CVE-2024-37149)
SECURITY - moderate: Authenticated file upload to restricted tickets (CVE-2024-37147)
...

CVSS 8.8 | AI score 9 | EPSS 0.13049 | Exploits 1 | References 4