4565 matches found
PT-2024-34305 · Unknown · Stacks Mobile App Builder
Name of the Vulnerable Software and Affected Versions: Stacks Mobile App Builder versions n/a through 5.2.3 Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For versions n/...
cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +13 more potentially affected by unknown CVE via feast (>=0.14.1 <=0.39.1)
feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.0.1, =0.0.23 Source cves: unknown CVE Source advisory: SNYK:PYTHON-FEAST-8400488...
aistrainer (>=0.0.1 <=0.0.13), aivoifu (>=0.2.8 <=0.2.9) +21 more potentially affected by unknown CVE via deepspeed (>=0.10.2 <=0.15.1)
deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEEPSPEED-8320951...
PT-2024-30784 · Arraytics · Arraytics Timetics
Name of the Vulnerable Software and Affected Versions: Arraytics Timetics versions 1.0.0 through 1.0.23 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.0.0 through...
@aerocorp/cli (=7.0.5), @aj-archipelago/cortex (>=1.1.7 <=1.3.16) +376 more potentially affected by CVE-2024-7042 via @langchain/community (>=0.0.15 <=0.3.29)
@langchain/community NPM version =0.0.15, =1.1.7, =0.0.33-alpha2, =3.114.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2, =0.1.0, =1.54.2, =2.0.0-next.2, =1.0.0-alpha.0, =0.2.13-alpha.0, =0.0.28, =0.0.30 and more Source cves: CVE-2024-7042 Source advisory: OSV:GHSA-6M59-8FMV-M5F9...
LyLme Spage security vulnerability
LyLme Spage (Six Zero navigation page) is an open-source navigation page from China's Six Zero (LyLme). It is dedicated to being a simple, efficient, ad-free Internet navigation and search portal, with support for adding links from the back end, customizing the search engine, accumulating the most valuable links, no...
org.openrefine:benchmark (>=3.6-beta1 <=3.8.2), org.openrefine:database (>=3.6-beta1 <=3.8.2) +7 more potentially affected by unknown CVE via org.openrefine.dependencies:butterfly (>=1.2.3 <=1.2.5)
org.openrefine.dependencies:butterfly MAVEN version =1.2.3, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.6-beta1, =3.7-beta1, =3.6-beta1, =3.6.2 Source cves: unknown CVE Source advisory: OSV:GHSA-MPCW-3J5P-P99X...
AshPostgres security vulnerability
AshPostgres is an open-source PostgreSQL data layer for the Ash Framework. A security vulnerability exists in AshPostgres versions prior to 2.0.0 through 2.4.10, which stems from a policy that may be skipped for update operations under certain circumstances, resulting in the...
ai.optfor:spring-openai-api (>=0.1 <=0.3.25), am.ik.s3:simple-s3-client (>=0.1.0 <=0.1.1) +4174 more potentially affected by CVE-2024-38820 via org.springframework:spring-web (>=6.0.0 <=6.0.23)
org.springframework:spring-web MAVEN version =6.0.0, =0.1, =0.1.0, =0.2.3, =0.2.3, =0.0.6, =0.0.6, =4.6.18, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =1.5.0.RELEASE, =1.5.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
SUSE CVE-2024-49195
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair...
PT-2024-9303 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.x Description: The issue is related to an incorrect specified argument vulnerability in the Dell PowerScale OneFS operating system. This vulnerability can be exploited by a remote...
Drupal core 10.0-10.2.9 - Unauthenticated Multiple Vulnerabilities
Unauthenticated Multiple Vulnerabilities discovered by ? in WordPress Core Drupal versions 10.0-10.2.9...
CVE-2024-21258
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...
PT-2024-7012 · Oracle · Oracle Advanced Pricing
Name of the Vulnerable Software and Affected Versions: Oracle Advanced Pricing component: Price List versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient authorization procedure due to incorrect input validation in the Price List component of Oracle Advanced Pricing,...
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle E-Business Suite...
Astro cross-site scripting vulnerability
Astro is an open-source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions 3.0.0 through 4.16.1 and earlier, which stems from not properly sanitizing the name attribute on a page...
PT-2024-31907 · Zhejiang University · Zhejiang University Entersoft Customer Resource Management System
Name of the Vulnerable Software and Affected Versions: Zhejiang University Entersoft Customer Resource Management System versions v2002 through v2024 Description: An arbitrary file upload vulnerability in the ProductAction.entphone interface allows attackers to execute arbitrary code via uploadin...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +318 more potentially affected by CVE-2024-47167 via gradio (>=1.7.7 <=4.8.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 - apillava =0.1.0 and more Source cves: CVE-2024-47167 Source advisory: OSV:PYSEC-2024-215...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +318 more potentially affected by CVE-2024-47164 via gradio (>=1.7.7 <=4.8.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 - apillava =0.1.0 and more Source cves: CVE-2024-47164 Source advisory: OSV:PYSEC-2024-213...
africanwhisper (>=0.2.1 <=0.9.0), agentx (>=0.0.6 <=0.0.27) +56 more potentially affected by CVE-2024-47084 via gradio (>=4.0.0b15 <=4.43.0)
gradio PYPI version =4.0.0b15, =0.2.1, =0.0.6, =0.4.0, =25.3.1, =1.1.0, =0.1.0, =25.3.1, =0.1.2, =0.2.11, =25.3.4, =0.1.1, =0.5.0, =0.0.41, =0.0.65 and more Source cves: CVE-2024-47084 Source advisory: SNYK:PYTHON-GRADIO-8180440...