PraisonAI security vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.90 contained security vulnerabilities. These vulnerabilities stemmed from the passthrough and apassthrough functions accepting an apibase parameter controlled by the caller...
CVE-2018-25126
CVE-2018-25126 affects Shenzhen TVT NVMS-9000 firmware, used in many white-labeled DVR/NVR/IPC products. The issue arises from hardcoded API credentials and an OS command injection flaw in the configuration services: the web/API interface accepts HTTP/XML requests authenticated with a fixed vendo...
EUVD-2012-2705
Malware in sbrugna...
EUVD-2018-6010
Malware in sbrugna...
EUVD-2022-5073
Malicious code in bioql PyPI...
CVE-2018-14088
An issue was discovered in a smart contract implementation for STeX White List STEWL, an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders...
CVE-2024-10500
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launche...
CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...
CVE-2024-32369
SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component...
GHSA-86H2-2G4G-29QX avo possible unsafe reflection / partial DoS vulnerability
Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...
DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files
Description We would like to report the vulnerability we found during software testing. OpenEMR 7.0.0 (the latest version) and below, an open-source electronic health records and medical practice management application, has a DOM-based Cross-Site Scripting (XSS) vulnerability in the...
phpMyAdmin Bypass white-list protection for URL redirection
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
GHSA-R326-MP8G-6XFC phpMyAdmin Bypass white-list protection for URL redirection
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
Cross-site Scripting (XSS) - Stored
Description Autolab is vulnerable to stored cross-site scripting in the upload files functionality of the courses feature; this can be used to execute an XSS attack against a victim who is a student/teacher. Steps to Reproduce PoC 1 log in to Autolab 2 go to...
[SECURITY] Fedora 33 Update: python-bleach-3.2.1-1.fc33
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list...
Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"
The plugin attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contains a directory with a PHP file in it, and then it is not remove...
STeX White List Numeric Error Vulnerability
STeX White List STEWL is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'withdrawToFounders' function in the smart contract implementation of STEWL. An attacker could exploit this vulnerability to cause loss of funds...
GHSA-2R3V-Q9X3-7G46 Link injection in SimpleSAMLphp
Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...
Improper access control
Out-of-bounds access due to a missing check of the whitelist array size while reading the image ELF segments, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205...
CORS-Vulnerable-Lab: vulnerable code related to CORS configuration errors (vulnerability warning, the black bar safety net)
This repository contains vulnerable code related to CORS configuration errors. You can configure the vulnerable code on a local machine and try out the CORS misconfiguration issues in practice. In this case, I would first like to thank @albinowax, AKReddy, and Vivek...