4 matches found
Google ADK-Python - Unauthenticated Builder Endpoint
Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the processing of stream headers within ASF files due to improper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. An attacker can achieve arbitrary code...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy endpoint. An attacker can access internal network resources and sensitive information by sending crafted HTTP GET requests to internal IP addresses through the endpoint. Note: This is only...
PT-2023-21150 · Unknown · Quickentity-Editor-Next
Name of the Vulnerable Software and Affected Versions: quickentity-editor-next versions prior to 1.28.1 Description: The issue concerns an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitized, leading to an XSS vulnerability. This...