5 matches found
Missing Synchronization
Overview Affected versions of this package are vulnerable to Missing Synchronization through unsynchronized access to the Subscriptions map in the PUT /nbsf-management/v1/subscriptions/subId handler. An attacker can cause the process to terminate unexpectedly by sending concurrent authenticated P...
Server-side Request Forgery (SSRF)
Overview cisco-ai-skill-scanner is a Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to its APIs binding to 0.0.0.0. If the API server is enabled, ...
PT-2024-40388 · Pypi · Pypop
Name of the Vulnerable Software and Affected Versions: PyPop versions prior to 1.0.2 Description: Code scanning revealed a possible issue in C extensions for PyPop, involving incorrect function calls, such as missing arguments or wrongly typed arguments, and redundant null pointers...
PT-2023-10291 · WordPress · Wooframework Tweaks Plugin
Name of the Vulnerable Software and Affected Versions: WooFramework Tweaks Plugin versions up to 1.0.1 Description: A vulnerability was found in the WooFramework Tweaks Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-tweaks.php. The manipulation of...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview org.springframework.integration:spring-integration-zip provides Zip un- compression support. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...