
12 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-16764

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.02278
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-51956

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00472
Exploits: 1 · References: 1

ICS
added 2025/07/31 5:1 p.m. · 4 views

OPEXUS FOIAXpress Public Access Link (PAL) multiple vulnerabilities

RISK EVALUATION Multiple vulnerabilities could allow unauthenticated attackers to bypass rate-limiting measures for login attempts, or check for the existence of other users. Low-privileged users can modify certain site content without authorization. 2. RECOMMENDED PRACTICES Upgrade to OPEXUS...

CVSS 7.5 · AI score 6.6 · EPSS 0.00512
Exploits: 0 · References: 1

NVD
added 2025/03/10 6:15 p.m. · 17 views

CVE-2024-52812

LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service, e.g. the kuiperUser role, can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service e.g...

CVSS 5.4 · EPSS 0.00313
Exploits: 0 · References: 8

OSV
added 2024/05/26 11:15 p.m. · 16 views

CVE-2024-4286

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 6.9
Exploits: 0 · References: 2

Cvelist
added 2024/05/26 10:25 p.m. · 21 views

CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 5 · EPSS 0.00356
Exploits: 0 · References: 2

Veracode
added 2024/03/28 11:24 a.m. · 14 views

Untrusted Search Path

PanelSwWix4.Sdk is vulnerable to Untrusted Search Path. The vulnerability is due to Burn's practice of copying binaries to the unprotected C:\Windows\Temp directory and running them from that unprotected location. This directory is not adequately protected against low privilege user modifications...

AI score 7
Exploits: 0

Positive Technologies
added 2023/11/14 12:0 a.m. · 3 views

PT-2023-26505 · Ivanti · Secure Access Linux +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, so: Software affected versions not specified Description: A logged in user can modify specific files, potentially leading to unauthorized changes in system-wide configuration settings, which could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00374
Exploits: 0 · References: 2

Vulnrichment
added 2023/07/27 6:54 a.m. · 4 views

CVE-2023-3956 InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactivation via events_receiver

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...

CVSS 9.8 · AI score 5.9 · EPSS 0.00758
Exploits: 0 · References: 3

securityvulns
added 2002/09/03 12:0 a.m. · 48 views

Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)

NGSSoftware Insight Security Research Advisory Name: sp_MSSetServerPropertiesn and sp_MSsetalertinfo Systems: Microsoft SQL Server 2000 Severity: Low Risk Category: Configuration Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...

AI score 0.8
Exploits: 0

CVE
added 2001/09/12 4:0 a.m. · 45 views

CVE-1999-1095

The CVE-1999-1095 entry concerns the sort utility. It describes that sort creates temporary files and follows symbolic links, enabling a local user to modify arbitrary files writable by the user running sort. This impact is observed in updatedb and other programs that invoke sort. The documents d...

CVSS 7.2 · AI score 7.2 · EPSS 0.00348
Exploits: 0 · References: 3 · Affected Software: 2

NVD
added 2000/06/21 4:0 a.m. · 14 views

CVE-2000-0579

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited...

CVSS 3.7 · AI score 6.3 · EPSS 0.00343
Exploits: 1 · References: 2