49 matches found
EUVD-2022-29271
Malicious code in bioql PyPI...
CVE-2025-0712
CVE-2025-0712 concerns Elastic APM Server on Windows and its installer. A local attacker could exploit an uncontrolled search path element caused by insecure directory permissions during Windows installer usage, enabling local privilege escalation to SYSTEM. Affected: APM Server Windows installer...
CVE-2022-24379
Improper input validation in some Intel® Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access...
Cross-site Scripting (XSS)
typo3/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to failing to properly encode user input in online media asset rendering for .youtube and .vimeo files, requiring a valid backend user account or write access on the server system to exploit...
GHSA-8M6J-P5JV-V69W TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper user input encoding, which can result in XSS when rendering files from .youtube or .vimeo. Exploitation requires a valid backend user account or write access on the server system (e.g., SFTP)...
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with the corresponding file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
GHSA-WG8H-GXF4-G4GH TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability...
BIT-MOODLE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
Input validation
Improper input validation in some Intel® Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-24379
The CVE relates to Intel Server System M70KLP Family BIOS firmware (before 01.04.0029). Root cause is improper input validation in the BIOS firmware, potentially allowing a privileged user to escalate privileges via local access. Affected products include Intel Server System M70KLP family BIOS fi...
CVE-2022-24379
Improper input validation in some Intel® Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-33945
Improper input validation in some Intel® Server board and Intel® Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access...
PT-2023-12747 · Intel · Intel Server System M70Klp Family Bios
Name of the Vulnerable Software and Affected Versions: Intel® Server System M70KLP Family BIOS firmware versions prior to 01.04.0029. Description: The issue is related to improper input validation in the BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege...
Intel® Server Board and Server System Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® Server Board and Server System BIOS firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-34431 Description: Improper input...
Intel Server Board Security Vulnerability
Intel Server Board is a server motherboard from Intel Corporation USA. A security vulnerability exists in the Intel Server Board and Server System BIOS firmware. An attacker could exploit this vulnerability to cause an elevation of privilege...
Intel Server Board and Server System BIOS firmware security vulnerability
Intel Server Board is a server motherboard from Intel Corporation USA. A security vulnerability exists in the Intel Server Board and Server System BIOS firmware. An attacker could exploit this vulnerability to cause an elevation of privilege...
Intel Server Board Security Vulnerability
Intel Server Board is a server motherboard from Intel Corporation USA. A security vulnerability exists in the Intel Server Board and Server System BIOS firmware. An attacker could exploit this vulnerability to cause an elevation of privilege...
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Impact: OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script. An attacker might use this to extract data managed by...
Code injection
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...