EUVD-2026-22851

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations Stripe/PayPal trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...

CVE-2022-42950

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service...

EUVD-2012-3218

Malware in sbrugna...

EUVD-2017-8032

Malware in sbrugna...

EUVD-2023-2800

Malicious code in bioql PyPI...

EUVD-2023-44941

Malicious code in bioql PyPI...

EUVD-2024-0682

Malicious code in bioql PyPI...

CVE-2024-40442

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request...

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVE-2024-40442

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request...

CVE-2024-40442

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request...

CVE-2024-40442

CVE-2024-40442 affects Doccano open source annotation tools for ML practitioners (v1.8.4) and the Doccano Auto Labeling Pipeline module (v0.1.23). The issue allows a remote attacker to escalate privileges via a crafted REST request due to improper validation of REST endpoints, with impact describ...

CVE-2024-40442

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request...

CVE-2024-40442

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request...

PT-2024-28849 · Unknown +1 · Doccano Auto Labeling Pipeline +1

Name of the Vulnerable Software and Affected Versions: Doccano Open source annotation tools for machine learning practitioners version 1.8.4 Doccano Auto Labeling Pipeline module version 0.1.23 Description: An issue in the affected software allows a remote attacker to escalate privileges via a...

GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin

A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVE-2023-40370

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...