CVE-2024-28423

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...

CVE-2024-28423

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...

CVE-2024-28423

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...

qdPM 9.2 Information Disclosure

Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure Unauthenticated Date: 03/08/2021 Exploit Author: Leon Trappett thepcn3rd Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: Ubuntu 20.04 Apache2...

Remote Code Execution

JYaml is vulnerable to remote code execution. The library allows unsafe deserialization via the load function, allowing an attacker to execute arbitrary code on the system using a malicious .yml file...

Remote Code Execution (RCE)

Superset is vulnerable to remote code execution RCE attacks. The application uses the unsafe yaml.load function, allowing a malicious user to inject and execute arbitrary code through a .yml file...