10 matches found
Sparx Enterprise Architect Security Vulnerability
Sparx Enterprise Architect is a modeling and design tool developed by the Australian company Sparx. Versions of Sparx Enterprise Architect prior to 17.1 contained security vulnerabilities. These vulnerabilities stemmed from security features that restricted user actions. Authorized attackers coul...
OpenProject OS Command Injection Vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.7 and 17.0.3 had a vulnerability related to operating system command injection. This vulnerability stemmed from an arbitrary file writing vulnerability present in the repository modification...
EUVD-2017-9230
Malware in sbrugna...
CVE-2025-3509
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...
CVE-2025-3509
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...
CVE-2024-1540
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized...
Path Traversal
github.com/charmbracelet/soft-serve is vulnerable to Path Traversal. The vulnerability is due to improper handling of user-supplied input in the path traversal mechanism and allows non-admin users to access and modify repositories that should be restricted to others...
CVE-2024-1540 Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized...
Cisco Policy Suite Policy Builder Access Bypass Vulnerability
Cisco Policy Suite is a carrier-grade policy, charging, and subscriber data management solution. A Policy Builder access bypass vulnerability exists in Cisco Policy Suite. The vulnerability stems from a lack of authentication. An attacker can exploit the vulnerability by accessing the Policy...
CVE-2017-18093
This CVE affects Atlassian Fisheye and Crucible: versions before 4.4.3 (for the 4.4.x line) and before 4.5.0 are vulnerable. The issue is a cross-site scripting (XSS) vulnerability in the location setting of a configured repository, exploitable by remote attackers who have permission to add or modify...