PraisonAI security vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.90 contained security vulnerabilities. These vulnerabilities stemmed from the passthrough and apassthrough functions accepting an apibase parameter controlled by the caller...
CVE-2018-25126
CVE-2018-25126 affects Shenzhen TVT NVMS-9000 firmware, used in many white-labeled DVR/NVR/IPC products. The issue arises from hardcoded API credentials and an OS command injection flaw in the configuration services: the web/API interface accepts HTTP/XML requests authenticated with a fixed vendo...
EUVD-2012-2705
Malware in sbrugna...
EUVD-2018-6010
Malware in sbrugna...
EUVD-2022-5073
Malicious code in bioql PyPI...
CVE-2018-14088
An issue was discovered in a smart contract implementation for STeX White List (STEWL), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders...
CVE-2024-10500
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launche...
The vulnerability of the white-list analyzer service in the GravityZone proxy server allows a hacker to perform an SSRF attack.
The vulnerability of the white-list analyzer service in the GravityZone proxy server is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...
CVE-2024-32369
SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component...
GHSA-86H2-2G4G-29QX avo possible unsafe reflection / partial DoS vulnerability
Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...
DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files
Description We would like to report the vulnerability we found during software testing. OpenEMR 7.0.0 (the latest version) and below, an open-source electronic health records and medical practice management application, has a DOM-based Cross-Site Scripting (XSS) vulnerability in the...
The vulnerability of the S-Bus protocol implementation in microprogrammed programmable logic controllers (PCD controllers) allows attackers to circumvent the “white list” restrictions and escalate their privileges.
The vulnerability of the S-Bus protocol implementation in microprogrammed programmable logic controllers (PCD controllers) is related to errors in processing the “white list”. Exploiting this vulnerability can allow an attacker to bypass the restrictions of the “white list” and escalate their...
phpMyAdmin Bypass white-list protection for URL redirection
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
GHSA-R326-MP8G-6XFC phpMyAdmin Bypass white-list protection for URL redirection
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
Cross-site Scripting (XSS) - Stored
Description Autolab is vulnerable to stored cross-site scripting in the file upload functionality of the courses feature; this can be used to execute an XSS attack against a victim who is a student or teacher. Steps to Reproduce PoC 1 login to autolab 2 go to...
[SECURITY] Fedora 33 Update: python-bleach-3.2.1-1.fc33
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list...
Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"
The plugin attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked, so it is possible to upload a zip containing a directory with a PHP file in it, which is then not remove...
STeX White List Numeric Error Vulnerability
STeX White List (STEWL) is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'withdrawToFounders' function in the smart contract implementation of STEWL. An attacker could exploit this vulnerability to cause loss of funds...
GHSA-2R3V-Q9X3-7G46 Link injection in SimpleSAMLphp
Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...