CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

ProjectSend Arbitrary File Upload Vulnerability

ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. An arbitrary file upload vulnerability exists in ProjectSend. An attacker can exploit the vulnerability to upload arbitrary files to an affected application...