
11231 matches found

Cvelist
added 2024/05/16 6:5 p.m. | 27 views

CVE-2024-5023 Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0...

CVSS 9.3 | AI score 6.9 | EPSS 0.00928
Exploits: 0 | References: 1
NVD
added 2024/05/16 9:15 a.m. | 22 views

CVE-2024-3435

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 | AI score 8.7 | EPSS 0.00825
Exploits: 1 | References: 2
NVD
added 2024/05/16 9:15 a.m. | 29 views

CVE-2024-3126

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

CVSS 8.4 | AI score 8.8 | EPSS 0.01321
Exploits: 1 | References: 2
Vulnrichment
added 2024/05/16 9:3 a.m. | 15 views

CVE-2024-3435 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 | AI score 7.7 | EPSS 0.00825
Exploits: 1 | References: 2
Cvelist
added 2024/05/16 9:3 a.m. | 23 views

CVE-2024-3435 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

CVSS 8.4 | AI score 8.9 | EPSS 0.00825
Exploits: 1 | References: 2
Vulnrichment
added 2024/05/16 9:3 a.m. | 21 views

CVE-2024-3126 Command Injection in parisneo/lollms-webui

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

CVSS 8.4 | AI score 8.6 | EPSS 0.01321
Exploits: 1 | References: 2
Cvelist
added 2024/05/16 9:3 a.m. | 13 views

CVE-2024-3126 Command Injection in parisneo/lollms-webui

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

CVSS 8.4 | AI score 8.9 | EPSS 0.01321
Exploits: 1 | References: 2
Github Security Blog
added 2024/05/15 10:34 p.m. | 13 views

Magento RCE,XSS and other vulnerabilities

Magento Commerce and Open Source 2.3.0, 2.2.7 and 2.1.16 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities...

AI score 7
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/05/15 10:34 p.m. | 14 views

GHSA-8J7C-682X-R9F2 Magento RCE,XSS and other vulnerabilities

Magento Commerce and Open Source 2.3.0, 2.2.7 and 2.1.16 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities...

AI score 7
Exploits: 0 | References: 3
Github Security Blog
added 2024/05/15 10:34 p.m. | 16 views

Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities

Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities...

AI score 7.1
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/05/15 10:34 p.m. | 6 views

GHSA-5GMH-85X8-5CX7 Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities

Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities...

AI score 7.1
Exploits: 0 | References: 3
OSV
added 2024/05/15 10:34 p.m. | 14 views

GHSA-CV25-3PXR-4Q7X Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

AI score 7.1
Exploits: 0 | References: 4
Github Security Blog
added 2024/05/15 10:34 p.m. | 36 views

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

AI score 7.1
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2024/05/15 10:33 p.m. | 12 views

Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities

SUPEE-10975, Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities...

AI score 8
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/05/15 10:33 p.m. | 9 views

GHSA-6WM4-3RJJ-C8XX Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities

SUPEE-10975, Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities...

AI score 8
Exploits: 0 | References: 3
Github Security Blog
added 2024/05/15 10:32 p.m. | 15 views

Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities

Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: -...

AI score 8.8
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/05/15 10:32 p.m. | 10 views

GHSA-PRPF-CJ87-HWVR Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities

Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: -...

AI score 8.8
Exploits: 0 | References: 3
OSV
added 2024/05/15 10:16 p.m. | 38 views

GHSA-QM5C-M76R-2HFR Laravel RCE vulnerability in "cookie" session driver

Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the use...

CVSS 9.9 | AI score 8.2
Exploits: 0 | References: 3
Github Security Blog
added 2024/05/15 10:16 p.m. | 121 views

Laravel RCE vulnerability in "cookie" session driver

Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the use...

AI score 8.2
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2024/05/15 9:52 p.m. | 132 views

Laravel RCE vulnerability in "cookie" session driver

Applications using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie"...

AI score 8.1
Exploits: 0 | References: 3 | Affected Software: 1