Syft 安全漏洞

Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system developed by MetInfo Corporation. Versions 7.9, 8.0, and 8.1 of MetInfo CMS have security vulnerabilities. These vulnerabilities stem from unvalidated PHP code injection, which could allow remote attackers to execute arbitrary code by sending specially...

Mesop 代码注入漏洞

Mesop is an open-source UI framework for quickly building Python web applications. Versions of Mesop 1.2.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from the /exec-py endpoint in the ai/test module, which executed unvalidated Python code without any...

Ghost SQL注入漏洞

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...

CVE-2024-11024

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possibl...

Pi-hole 访问控制错误漏洞

Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. Pi-hole suffers from an access control error vulnerability that stems from a lack of validation of code on the root server path...