14 matches found
CVE-2026-31226
CVE-2026-31226 relates to a critical command-injection in TinyZero’s HDFS file operations utilities. The flaw stems from unsafe shell command construction and execution via os.system(), where user-controlled input (e.g., file paths) is interpolated using f-strings inside the _copy() function. An ...
PT-2026-25547
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 3.7.0 Description: A command injection issue exists due to the direct interpolation of user-supplied container image names into shell commands without proper sanitization. These commands are then executed using the...
EUVD-2023-42154
Malicious code in bioql PyPI...
CVE-2025-7954 Race Condition in Shopware Voucher Submission
A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations...
PT-2024-1875 · Intel · Intel(R) Sur For Gameplay
Name of the Vulnerable Software and Affected Versions: Intel(R) SUR for Gameplay Software versions prior to 2.0.1901 Description: The issue is related to an uncontrolled search path in the Intel System Usage Report software, which may allow a privileged user to potentially enable escalation of...
Authorization
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. Fuzzing for...
CVE-2023-2534
CVE-2023-2534 affects OTRS 8 (Websocket API backend). The issue allows an authenticated Agent to track user behavior and gain live insight into overall system usage, with possible correlation of user IDs to real names via ticket histories. The vulnerability is associated with the Websocket push e...
CVE-2023-2534 Information disclosure and DoS via websocket push events
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. Fuzzing for...
Ctags OS Command Injection Vulnerability
Ctags is an open-source utility hosted on SourceForge that generates index files from a program's source code tree, enabling fast navigation in text editors. Ctags has a security vulnerability that originates from externalSortTags in sort.c calling the system3 function in an unsafe...
CVE-2019-1631 Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
CVE-2019-1692
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
CVE-2019-1692
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
CVE-2019-1692 Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
UF Zhiyuan A6 collaborative system high-risk SQL injection vulnerability warning - the black bar safety net
The system is very widely used. Code area: /yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 The DOCUMENTID and SIGNATUREID parameters are subject to error-based injection. A simple test method. Code area...