
13 matches found

OSV
added 2026/02/02 11:16 p.m., 1 view

CVE-2026-1777

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

8.5 CVSS, 5.6 AI score
Exploits: 0, References: 4
Code423n4
added 2023/11/05 12:0 a.m., 19 views

There is no check that price from Chainlink hits min/max answer

Lines of code Vulnerability details Impact Chainlink aggregator has bounds minAnswer and maxAnswer within which the price can be set. In a case like LUNA, Chainlink will return minAnswer instead of real asset value, overvaluing it. Proof of Concept Here is explained that current Aggregators have...

6.9 AI score
Exploits: 0
OSV
added 2021/12/01 12:0 a.m., 19 views

ASB-A-184046278

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.8 CVSS, 7.9 AI score, 0.00012 EPSS
Exploits: 0, References: 1
0day.today
added 2021/05/28 12:0 a.m., 78 views

QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

8.8 CVSS, 0.5 AI score, 0.0259 EPSS
Exploits: 2
CNVD
added 2020/04/17 12:0 a.m., 20 views

NETGEAR Buffer Overflow Vulnerability (CNVD-2021-63380)

NETGEAR D6220 is a wireless modem, NETGEAR R6300 is a wireless router, and NETGEAR EX3700 is a wireless network signal extender. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability stems from a network system or product that does not properly validate data...

8.8 CVSS, 2.1 AI score, 0.00548 EPSS
Exploits: 0, References: 1
Hacker One
added 2019/04/22 7:32 a.m., 15 views

curl: Github wikis are editable by anyone #Githubwikistakeover

Hey Curl, Github wiki on the following project, https://github.com/curl/curl/wiki can be edited by any logged-in user in the system. This poses security and reputation risk for the company. As per your policy, I did not edit any of the wiki :- Regards, @MSRC29 Impact As wikis listed above can be...

0.3 AI score
Exploits: 0
Tenable Nessus
added 2014/04/03 12:0 a.m., 40 views

ELMAH (Error Logging Modules and Handlers) Remotely Accessible

The remote web server hosts ELMAH, an error logging application used with ASP.NET web applications. The elmah.axd script was accessed remotely without authentication, which could provide detailed information that could provide a remote, unauthenticated attacker with sensitive data that could be...

5.5 AI score
Exploits: 0, References: 2
exploitpack
added 2010/06/03 12:0 a.m., 27 views

osCSS 1.2.1 - Arbitrary File Upload

osCSS 1.2.1 - Arbitrary File Upload ======================================================================= osCSS 1.2.1 REMOTE FILE UPLOAD Vulnerabilities ======================================================================= Vendor: http://www.oscommerce.com/ Date: 2010-05-27 Author : indoushka...

0.1 AI score
Exploits: 0
exploitpack
added 2008/11/20 12:0 a.m., 74 views

PHP 5.2.6 - error_log Safe_mode Bypass

PHP 5.2.6 - error_log Safe_mode Bypass SecurityReason.com PHP 5.2.6 error_log safe_mode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affected...

Exploits: 0
0day.today
added 2008/05/20 12:0 a.m., 18 views

MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================================== MX-System 2.7.3 index.php page Remote SQL Injection Vulnerability =================================================================== Name : MX-System 2.7.3 index.php page...

7.1 AI score
Exploits: 0
securityvulns
added 2008/01/16 12:0 a.m., 82 views

SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason - Apache mod_status Refresh Header - Open Redirector XSS Author: sp3x Date: - - Written: 15.12.2007 - - Public: 15.01.2008 SecurityReason Research SecurityAlert Id: 50 CVE: CVE-2007-6388 SecurityRisk: Low Affected Software: Apache 2.2.x...

4.3 CVSS, 8.2 AI score, 0.84619 EPSS
Exploits: 1
securityvulns
added 2008/01/12 12:0 a.m., 84 views

SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability Author: sp3x Date: - - Written: 06.12.2007 - - Public: 09.01.2008 SecurityReason Research SecurityAlert Id: 48 CVE: CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6423...

7.8 CVSS, 0.8 AI score, 0.05697 EPSS
Exploits: 1
securityvulns
added 2006/09/11 12:0 a.m., 386 views

PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Author: Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 05.09.2006 - - Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 = x...

3.6 CVSS, 5.7 AI score, 0.00367 EPSS
Exploits: 2