Lucene search
K

1760 matches found

NVD
NVD
added 2024/02/14 8:15 p.m.15 views

CVE-2023-50926

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message...

7.5CVSS7.3AI score0.0053EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 6:30 p.m.5 views

CVE-2023-48229 Out-of-bounds write in the radio driver for Contiki-NG nRF platforms

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the readframe function in...

7CVSS7.2AI score0.00387EPSS
Exploits0References4
NVD
NVD
added 2024/02/09 11:15 p.m.12 views

CVE-2024-21624

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

6.5CVSS5.8AI score0.00492EPSS
Exploits0References2
Prion
Prion
added 2024/02/09 11:15 p.m.137 views

Design/Logic Flaw

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

4.3CVSS6.8AI score0.00492EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/09 11:15 p.m.17 views

PYSEC-2024-37

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

6.5CVSS6.8AI score0.00492EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 10:16 p.m.16 views

CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

5.7CVSS6.5AI score0.00492EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/09 10:16 p.m.17 views

CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

5.7CVSS6.5AI score0.00492EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/02/09 3:4 p.m.23 views

NoneBot Potential Information Leak in User-Constructed Message Templates

Impact This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...

6.5CVSS6.9AI score0.00492EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/02/09 3:4 p.m.11 views

GHSA-59J8-776V-XXXG NoneBot Potential Information Leak in User-Constructed Message Templates

Impact This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...

5.7CVSS5.8AI score0.00492EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/02/07 6:25 p.m.29 views

Pimcore Admin Classic Bundle permissions are not getting checked when working with tags

Impact You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dumy data. One can do this as intruder and add text parameters with random numbers and this will effect...

9.1CVSS7AI score0.00544EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/02/07 6:25 p.m.16 views

GHSA-3RFR-MPFJ-2JWQ Pimcore Admin Classic Bundle permissions are not getting checked when working with tags

Impact You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dumy data. One can do this as intruder and add text parameters with random numbers and this will effect...

6.5CVSS7.6AI score0.00544EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/07 8:37 a.m.5 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

8.8CVSS7.7AI score0.01884EPSS
Exploits0References4
OSV
OSV
added 2024/02/05 8:22 p.m.25 views

GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename

Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side XSS Details On that snippet code of rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...

6.5CVSS6.4AI score0.0088EPSS
Exploits1References6
OSV
OSV
added 2024/02/01 8:51 p.m.35 views

GHSA-XW73-RW38-6VJC Classic builder cache poisoning

The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache...

6.9CVSS7.4AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.3 views

PT-2024-40904 · Crates.Io · Filesystem

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The software in question has not seen a release in over 5 years, with the last commit being over 4 years ago. This raises concerns about maintenance, as the maintainers have not responde...

6.9AI score
Exploits0References4
FreeBSD
FreeBSD
added 2024/01/24 12:0 a.m.11 views

gitea -- Prevent anonymous container access

Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...

7.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/18 12:34 p.m.35 views

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery CI/CD misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

8.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/01/02 4:42 p.m.21 views

Potential Actions command injection in output filenames (GHSL-2023-275)

Summary The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The verify-changed-files workflow returns the list of files changed within a workflow execution. This could...

8.8CVSS8.4AI score0.02621EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/01/02 4:41 p.m.40 views

GHSA-MCPH-M25J-8J63 tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)

Summary The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The changed-files action returns a list of files changed in a commit or pull request which provides an escapejson...

7.3CVSS9.1AI score0.03351EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2023/12/20 8:39 a.m.33 views

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as...

7.2AI score
Exploits0
Rows per page
Query Builder