18 matches found

Source: CVE
Added 2024/07/04 11:34 a.m. | 67 views

CVE-2024-5943

CVE-2024-5943 — The Nested Pages WordPress plugin is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.7. The issue arises from missing or incorrect nonce validation in the settingsPage function and missing sanitization of the tab parameter. This allows unauthenticated attackers ...

CVSS 8.8 | AI score 8.3 | EPSS 0.00389
Exploits 0 | References 4 | Affected Software 1
Source: Veracode
Added 2024/06/11 5:52 a.m. | 10 views

Cross Site Scripting (XSS)

zenml is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to missing sanitization of the logourl field, allowing an attacker to send harmful messages to other users and potentially compromise their accounts...

CVSS 4.8 | AI score 6.3 | EPSS 0.00064
Exploits 1 | References 3 | Affected Software 1
Source: Veracode
Added 2024/06/10 6:30 a.m. | 18 views

Arbitrary File Write

mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization within the mlflow.data.httpdatasetsource.py module when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an attack...

CVSS 8.8 | AI score 6.8 | EPSS 0.04877
Exploits 1 | References 3 | Affected Software 1
Source: Veracode
Added 2024/05/15 6:41 a.m. | 10 views

Command Injection

github.com/cea-hpc/sshproxy is vulnerable to Command Injection. The vulnerability is due to missing input sanitization when constructing the ssh command string, which allows an authorized user to inject options into the ssh command executed by sshproxy...

CVSS 3.5 | AI score 7.2 | EPSS 0.00353
Exploits 0 | References 4 | Affected Software 1
Source: Vulnrichment
Added 2024/03/26 2:19 p.m. | 11 views

CVE-2023-41973 Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...

CVSS 7.3 | AI score 7.1 | EPSS 0.00056
Exploits 0 | References 1
Source: Cvelist
Added 2024/03/26 2:19 p.m. | 12 views

CVE-2023-41973 Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...

CVSS 7.3 | AI score 7.4 | EPSS 0.00056
Exploits 0 | References 1
Source: Veracode
Added 2024/02/09 6:59 a.m. | 17 views

Arbitrary Code Execution

composer is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization when parsing the installed.php/InstalledVersions.ph file during the invocation of Composer. If Composer is invoked within a directory where InstalledVersions.ph was tampered with by an attacker,...

CVSS 8.8 | AI score 7.9 | EPSS 0.00132
Exploits 0 | References 4 | Affected Software 2
Source: Veracode
Added 2023/11/29 8:02 a.m. | 18 views

Arbitrary File Read

com.bstek.ureport/ureport2-core is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of image path sanitization. The image path provided by the user is directly appended to the obtained path passed into the FileInputStream method. This allows an attacker to submit malicious data, leadin...

CVSS 7.5 | AI score 7.1 | EPSS 0.0009
Exploits 0 | References 2 | Affected Software 1
Source: Veracode
Added 2023/10/11 6:12 a.m. | 24 views

Code Injection

langchain is vulnerable to Code Injection. The vulnerability is due to improper prompt sanitization in the PALChain. This vulnerability bypasses the fix for CVE-2023-36258...

CVSS 9.8 | AI score 8.9 | EPSS 0.00741
Exploits 1 | References 2 | Affected Software 1
Source: OSV
Added 2023/01/31 4:15 p.m. | 14 views

CVE-2022-45598

Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 2
Source: NVD
Added 2023/01/31 4:15 p.m. | 13 views

CVE-2022-45598

Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization...

CVSS 6.1 | AI score 6.4 | EPSS 0.005
Exploits 0 | References 2
Source: Vulnrichment
Added 2023/01/31 12:00 a.m. | 10 views

CVE-2022-45598

Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization...

AI score 6.4 | EPSS 0.005
Exploits 0 | References 2
Source: Veracode
Added 2022/12/30 10:02 a.m. | 17 views

Directory Traversal

github.com/go-aah/aah is vulnerable to directory traversal. The vulnerability exists in the Serve function in static.go due to improper sanitization of user input passed through HTTPEngine.Handle, which allows an attacker to read files outside of the target directory that the server has permission to rea...

CVSS 7.5 | AI score 7 | EPSS 0.0201
Exploits 0 | References 5 | Affected Software 1
Source: Github Security Blog
Added 2022/12/28 12:30 a.m. | 22 views

go-unzip vulnerable to Path Traversal

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

CVSS 9.1 | AI score 8.7 | EPSS 0.00706
Exploits 1 | References 6 | Affected Software 1
Source: GitLab Advisory Database
Added 2022/12/28 12:00 a.m. | 21 views

Cloud Foundry Archiver vulnerable to path traversal

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

CVSS 9.1 | AI score 4 | EPSS 0.00594
Exploits 0 | References 5 | Affected Software 1
Source: Hacker One
Added 2021/12/28 3:31 a.m. | 8 views

X (Formerly Twitter): Improper sanitization of the edit list feature at Twitter leads to deletion of any Twitter user's list cover photo.

Improper sanitization of the edit list feature at Twitter allowed an attacker to delete any Twitter user's list cover photo. By manipulating the media ID in the request, the attacker could delete the victim's cover photo, violating access controls...

AI score 6.9
Exploits 0
Source: OSV
Added 2021/05/18 9:08 p.m. | 26 views

GHSA-733F-44F3-3FRW gopkg.in/macaron.v1 Open Redirect vulnerability

macaron before 1.3.7 has an open redirect in the static handler. Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker-chosen URL, allowing for open redirect attacks...

CVSS 6.1 | AI score 6.1 | EPSS 0.00159
Exploits 1 | References 10
Source: seebug.org
Added 2014/07/01 12:00 a.m. | 15 views

phpBB 2.0.3 search.php Cross Site Scripting Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient sanitization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to...

AI score 7.1
Exploits 0