25 matches found
Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...
CVE-2025-65717
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...
CVE-2025-65717
CVE-2025-65717 affects Visual Studio Code Live Server extension (v5.7.9). According to connected sources, an attacker can exfiltrate local files by luring a developer to a crafted HTML page which, via the local development HTTP server on localhost:5500, executes JavaScript to crawl and send files...
CVE-2025-14265
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
EUVD-2024-40362
Malicious code in bioql PyPI...
CVE-2002-1718
Microsoft Internet Information Server IIS 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension FPSE file, as claimed using an HTTP request for colegal.htm that contains .. dot dot sequences...
CVE-2024-11045
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-11045
The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....
CVE-2021-39160
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...
KLA77104 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Database for PostgreSQL Flexible Server Extension...
jupyterlab-lsp Security Vulnerabilities
jupyterlab-lsp is a tool that provides coding help for JupyterLab using the Language Server protocol. A security vulnerability exists in jupyterlab-lsp 2.2.1 and earlier versions, which stems from a lack of authentication of the jupyter-lsp server extension endpoint, allowing an attacker to acces...
CVE-2021-39160
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...
PYSEC-2021-316
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...
CVE-2021-39160
nbgitpuller is a Jupyter server extension that is vulnerable to arbitrary code execution due to unsanitized input when visiting crafted links. The issue affects the component responsible for syncing a git repository to a local path and has been fixed in version 0.10.2; users are advised to upgrad...
openSUSE Security Update : mbedtls (openSUSE-2016-903)
This mbedtls update to version 1.3.17 fixes the following issues : Security issues fixed : - Fix missing padding length check in mbedtlsrsarsaespkcs1v15decrypt required by PKCS1 v2.2 - Fix a potential integer underflow to buffer overread in mbedtlsrsarsaesoaepdecrypt. It is not triggerable remote...
PT-2020-7742 · Zend · Zend Framework
Name of the Vulnerable Software and Affected Versions: Zend Framework versions prior to 1.12.9 Zend Framework versions 2.2.x prior to 2.2.8 Zend Framework versions 2.3.x prior to 2.3.3 Description: The issue allows remote attackers to execute arbitrary SQL commands via a null byte when using the...
openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)
Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack CVE-2010-3864. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libopenssl-devel-3562. The...
Mandriva Update for x11-driver-video-vesa MDKA-2007:069 (x11-driver-video-vesa)
Check for the Version of x11-driver-video-vesa OpenVAS Vulnerability Test Mandriva Update for x11-driver-video-vesa MDKA-2007:069 x11-driver-video-vesa Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
This module exploits an integer overflow vulnerability in the unserialize function of the PHP web server extension. This vulnerability was patched by Stefan in version 4.5.0 and applies all previous versions supporting this function. This particular module targets numerous web applications and is...