11 matches found
EUVD-2023-3243
Malicious code in bioql PyPI...
Nuclei Template Signature Verification Bypass
Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...
GHSA-7H5P-MMPP-HGMM Nuclei Template Signature Verification Bypass
Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...
CVE-2024-43405
Insight: CVE-2024-43405 affects ProjectDiscovery Nuclei. The issue is in the template signature verification (signer package), where a newline handling discrepancy between the signature verification and YAML parsing allows an attacker to craft templates that bypass digest verification and potenti...
CVE-2024-43405 Nuclei Template Signature Verification Bypass
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...
Nuclei allows unsigned code template execution through workflows
Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
GHSA-M5PC-86X8-WCXG Exposure of Sensitive Information in mltable
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...
Exposure of Sensitive Information in mltable
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...
CVE-2023-35625 Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
...
CVE-2022-23526
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in thechartutil package that can cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation file. For example,...
CVE-2022-23526 Helm contains Denial of service through schema file
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in thechartutil package that can cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation file. For example,...