29 matches found
CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
EUVD-2024-52740
Malicious code in bioql PyPI...
CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery SSRF in the backend plugin module...
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...
CVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...
Think Twice Before You Act: Enhancing Agent Behavioral Safety with Thought Correction
LLM-based autonomous agents possess capabilities such as reasoning, tool invocation, and environment interaction, enabling the execution of complex multi-step tasks. The internal reasoning process, i.e., thought, of behavioral trajectory significantly influences tool usage and subsequent actions...
CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery SSRF in the backend plugin module...
CVE-2024-55088
CVE-2024-55088 affects GetSimple CMS CE 3.3.19 with a Server-Side Request Forgery (SSRF) in the backend plugin module . The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privileges required, and impact to confidentiality, integrity, and availability (all...
CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery SSRF in the backend plugin module...
MAL-2024-10661 Malicious code in eslint-plugin-module-dependencies (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afc57b3b316c94a93252629b2c608c1e0dfd28fa51024ff8e2957db8efb8d48b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...
PT-2022-16854 · Ultravnc · Ultravnc
Name of the Vulnerable Software and Affected Versions: UltraVNC versions prior to 1.3.8.0 Description: A vulnerability has been found in UltraVNC, a free and open source remote pc access software, where the DSM plugin module allows a local authenticated user to achieve local privilege escalation...
CVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...
CVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...
CVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...
Emlog 代码问题漏洞
Emlog is a PHP and MySQL based CMS builder by the individual developer of Emlog. A security vulnerability exists in emlog v6.0.0, which allows users to upload webshell via zip plugin module...
B2evolution Cross-Site Scripting Vulnerability (CNVD-2021-100271)
B2evolution is a PHP and MySQL-based community content management system. B2evolution cross-site scripting vulnerability can be exploited by attackers to execute malicious JavaScript code via the plugin name input field in the plugin module...
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...