98 matches found
EUVD-2020-16278
Malware in sbrugna...
EUVD-2005-4197
Malware in sbrugna...
EUVD-2023-49772
Malicious code in bioql PyPI...
EUVD-2023-23640
Malicious code in bioql PyPI...
WordPress plugin Dear Flipbook cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CVE-2024-10602
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approvecenter/list/inputform/datapickerlink.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched...
CVE-2020-23534
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter...
Tenda AC15 security vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. The Tenda AC15 suffers from a buffer overflow vulnerability that stems from improper handling of the parameter src. No details of the vulnerability are provided at this time...
Tenda AC6 security vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. The Tenda AC6 suffers from a buffer overflow vulnerability that originates from a boundary error in the parameter src when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary code on the...
PT-2024-17265 · WordPress · Primer Mydata For Woocommerce
Name of the Vulnerable Software and Affected Versions: Primer MyData for Woocommerce plugin for WordPress versions up to, and including, 4.2.1. Description: The issue is related to Reflected Cross-Site Scripting via the img src parameter due to insufficient input sanitization and output escaping...
CVE-2024-10571
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
VulnCheck KEV: CVE-2024-10571
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
PT-2024-39197 · WordPress · Dearflip
Name of the Vulnerable Software and Affected Versions: DearFlip plugin for WordPress versions up to, and including, 2.3.32. Description: The issue is related to Reflected Cross-Site Scripting via the pdf source parameter due to insufficient input sanitization and output escaping. This allows...
WordPress plugin DearFlip cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-7877 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.4 through 17.1.7; GitLab CE/EE versions 17.2 through 17.2.5; GitLab CE/EE versions 17.3 through 17.3.2. Description: The issue is related to the use of a regular expression with inefficient computational complexity in...
PKP OPEN JOURNAL SYSTEMS input validation error vulnerability
PKP OPEN JOURNAL SYSTEMS (PKP OJS) is an end-to-end scholarly publishing platform from PKP, Inc. An input validation error vulnerability exists in PKP OPEN JOURNAL SYSTEMS 3.4.0-6 and earlier versions, which stems from the parameter source in file /login/signOut that causes an open redirect...
GHSA-J62R-WXQQ-F3GF mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
PYSEC-2024-243
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...
CVE-2024-1558
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...