Arbitrary Command Injection

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Arbitrary Command Injection in the calculate function, which uses the eval function without sufficient protection. An attacker can execute commands on the server by injecting...

Node.js: Permissions policies can be bypassed via process.mainModule

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

Improper Access Control

vantage6server is vulnerable to Improper Access Control. A remote attacker is able to bypass permissions and access unauthorized modules because assigning existing users to a different organizations is not restricted...

AZL-13776 CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...