Lucene search
K

4 matches found

BDU FSTEC
BDU FSTEC
added 2024/09/03 12:0 a.m.5 views

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to external control of file names or paths, allows a perpetrator to load arbitrary PHP scripts and intercept plugin loaders to execute these scripts at will.

The vulnerability of the GLPI system for requests, incidents, and computer equipment inventory management is related to external control of file names or paths. Exploiting this vulnerability allows a malicious actor to load any arbitrary PHP script and intercept the plugin loader to execute that...

8.3CVSS5.7AI score0.2124EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2024/01/21 6:30 p.m.18 views

Unsafe yaml deserialization in llama-hub

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.8CVSS7.9AI score0.01192EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/01/21 5:15 p.m.10 views

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.8CVSS9.7AI score0.01192EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/21 12:0 a.m.26 views

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.9AI score0.01192EPSS
Exploits0References3
Rows per page
Query Builder