61 matches found
[R1] Tenable Identity Exposure Version 3.77.14 Fixes Multiple Vulnerabilities
Arnie Cabral, Mon, 11/03/2025 - 09:50. Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (.NET, SQL and curl) were found to contain...
[R1] Tenable Identity Exposure Version 3.93.4 Fixes Multiple Vulnerabilities
Arnie Cabral, Fri, 10/17/2025 - 10:02. Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components (.NET) was found to contain vulnerabilities, and updat...
Maximize Your Minecraft: Optimal PC Setup and Server Hosting Essentials
Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…
CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
CVE-2024-45601 Local file Inclusion via static file serving functionality in Mesop
Mesop is a Python-based UI framework designed for rapid web app development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validatio...
CVE-2024-45601
CVE-2024-45601 concerns Mesop, a Python-based UI framework. The issue is a local file inclusion risk via Mesop’s static file serving endpoint caused by insufficient input validation, potentially allowing access to server files not meant to be served. Evidence across multiple references (CVE entri...
GHSA-PMV9-3XQP-8W42 Mesop has a local file Inclusion via static file serving functionality
A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files...
CVE-2024-4851 SSRF Vulnerability in stangirard/quivr
A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-3271
CVE-2024-3271 affects the run-llama/llama_index project, specifically the safe_eval function. The issue allows command execution via crafted input that bypasses the underscore check in code produced by LLMs, enabling remote code execution on the server. Connected sources corroborate a command-inj...
LlamaIndex Command Injection Vulnerability
LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. LlamaIndex suffers from a command injection vulnerability that stems from an attacker being able to bypass expected security mechanisms and perform remote code execution on the server hosting the...
pgAdmin Remote Code Execution (RCE) vulnerability
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the...
CVE-2024-1882
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
Remote code execution
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
CVE-2023-4122 Student Information System v1.0 - Insecure File Upload
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...
Authentication flaw
An attacker is able to read any file on the server hosting the H2O dashboard without any authentication...
CVE-2023-6018
An attacker can overwrite any file on the server hosting MLflow without any authentication...
CVE-2023-6016
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature...
CVE-2023-6016 H2O Remote Code Execution via POJO Model Import
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature...