14 matches found
CVE-2026-55255
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution RCE vulnerability via the Active Response endpoint...
kernel: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
CVE-2024-53156 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
PT-2024-38422 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...
Remote code execution
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution RCE vulnerability via the Active Response endpoint...
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution RCE vulnerability via the Active Response endpoint...
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution RCE vulnerability via the Active Response endpoint...
Wazuh 安全漏洞
Wazuh is an Wazuh open source application. Wazuh 3.6.1 and later, 3.13.5 and earlier, 4.0.0 and later, 4.2.7 and earlier, and 4.3.0 and later, 4.3.7 and earlier are vulnerable to a code execution vulnerability that stems from Active Response endpoint fails to properly filter the special elements ...
PT-2022-25407 · Wazuh · Wazuh
Name of the Vulnerable Software and Affected Versions: Wazuh versions 3.6.1 through 3.13.5 Wazuh versions 4.0.0 through 4.2.7 Wazuh versions 4.3.0 through 4.3.7 Description: The issue is an authenticated remote code execution RCE vulnerability. It can be exploited via the Active Response endpoint...
CVE-2022-30464
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting XSS via /simplechatbot/classes/Master.php?f=saveresponse...
CVE-2022-30459
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simplechatbot/classes/Master.php?f=deleteresponse, id...
PT-2022-20131 · Unknown · Chatbot App With Suggestion In Php/Oop
Name of the Vulnerable Software and Affected Versions: ChatBot App with Suggestion in PHP/OOP version 1.0 Description: The issue is related to Cross Site Scripting XSS via the /simple chat bot/classes/Master.php?f=save response API endpoint. This allows for potential malicious script injection. N...
Excerpts from Modern Bank Heists – Threat Hunting Teams & CIR
Carbon Black recently published a report on the newest threats facing the financial world, and how to counteract them. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live...