The vulnerability of Adobe InDesign’s computer layout automation tool, related to buffer overflow in dynamic memory, allows attackers to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to overflowing buffers in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to buffer overflow in dynamic memory, allows attackers to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to overflowing buffers in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the “Universal Import” module, related to improper code generation, allows a hacker to execute arbitrary code.
The vulnerability of the “Universal Import” module is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the formSetNetCheckTools() function in the Tenda W15E router’s firmware allows a hacker to cause a service failure.
The vulnerability of the formSetNetCheckTools function in the Tenda W15E router’s firmware is related to an operation going beyond the buffer boundaries in memory when processing the hostname parameter. Exploiting this vulnerability could allow a malicious actor to cause servi...
The vulnerability of the formAddWewifiWhiteUser() function in the Tenda W15E router software allows a hacker to induce a service failure.
The vulnerability of the formAddWewifiWhiteUser function in the Tenda W15E router’s firmware is related to an operation going beyond the buffer boundaries in memory when processing the wewifiWhiteUserInfo parameter. Exploiting this vulnerability could allow a remote attacker t...
The vulnerability of the loader for GGUF models in the Ollama system, which is used to run and manage large language models (LLMs), allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the loader for GGUF models in the Ollama system, which is used to run and manage large language models, involves reading data beyond the permitted range in memory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerabilities of the GOMODPROXY and GOSUMDB modules in the Go programming language allow attackers to circumvent security restrictions and gain access to read and modify data.
The vulnerability of GOMODPROXY and GOSUMDB modules written in the Go programming language is related to improper verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain access to read and modify data...
The vulnerability of the Link Preview function in the Google Chrome and Microsoft Edge browsers allows a hacker to bypass security restrictions.
The vulnerability of the Link Preview function in browsers such as Google Chrome and Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from synchronization errors when using a shared resource. This vulnerability allows attackers to bypass existing security mechanisms and gain unauthorized access to protected information.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms and gain unauthorized access to protected information...
The vulnerability of the Boa Webserver component in the firmware of the D-Link DCS-5615 camera allows an intruder to increase their privileges.
The vulnerability of the Boa Webserver component in the firmware of the D-Link DCS-5615 IP camera is related to deficiencies in access control. Exploiting this vulnerability can allow a remote attacker to enhance their privileges...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) relates to synchronization errors when using a shared resource. This vulnerability allows a hacker to bypass existing security mechanisms and execute arbitrary code.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to bypass existing security mechanisms and execute arbitrary code...
The vulnerability of the web interface of the D-Link DGS-1100-08PD firmware allows a hacker to increase their privileges.
The vulnerability of the web interface of the D-Link DGS-1100-08PD firmware is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created HTML page...
The vulnerability of the nft_map_catchall_activate() function in the nf_tables component of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the nft_map_catchall_activate function in the nf_tables component of the Linux kernel relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the WebML component in Google Chrome and Microsoft Edge browsers on macOS operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the WebML component in Google Chrome and Microsoft Edge browsers on macOS operating systems is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected information...
The vulnerability of the Collaborative Translation Framework (CTFMON) subsystem in Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Collaborative Translation Framework CTFMON in Windows operating systems is related to the improper handling of symbolic links before accessing a file. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of Microsoft Windows Defender operating systems allows attackers to increase their privileges.
The vulnerability of Microsoft Windows Defender operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the HTTP.sys driver on Windows operating systems allows a hacker to trigger a service failure.
The vulnerability of the HTTP.sys driver on Windows operating systems is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Media components in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the Media components in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the Payments component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.
The vulnerability of the Payments component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability could allow a malicious actor to replace the user interface...
The vulnerability of the Extensions component of Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge is related to a data source confirmation error. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of the Cronet web component in Google Chrome allows a hacker to replace the domain name.
The vulnerability of the Cronet web component of Google Chrome is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to replace a domain name using a specially created domain name...
The vulnerability in the user interfaces of Microsoft Edge and Google Chrome allows a hacker to replace the interface with a specially created HTML page.
The vulnerability of Microsoft Edge and Google Chrome browser user interfaces is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to replace the interface with a specially created HTML page...
The vulnerability of the PraisonAI framework, related to the lack of authentication for critical functions, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PraisonAI framework is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Media components in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the Media components in Google Chrome and Microsoft Edge is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the load_data() function in the llama_index/readers/obsidian/base.py file of the ObsidianReader plugin allows an intruder to gain unauthorized access to protected information.
The vulnerability of the load_data function in the llama_index/readers/obsidian/base.py file of the ObsidianReader plugin is related to path traversal. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the AIDE intrusion detection system, related to pointer assignment errors, allows an intruder to trigger a service failure.
The vulnerability of the AIDE intrusion detection system is related to errors in pointer assignment. Exploiting this vulnerability could allow an intruder to trigger a service failure...
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers on Windows operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers on Windows operating systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected informatio...
The vulnerability of the Configuration Handler component in the /upload.cgi file of the BlackVue Dashcam 590X software allows a violator to disclose protected information.
The vulnerability of the Configuration Handler component in the /upload.cgi file of the BlackVue Dashcam 590X firmware is related to access control errors. Exploiting this vulnerability could allow an intruder to disclose protected information...
The vulnerability of the CONTENT_LENGTH component in the /cgi-bin/upload.cgi file of the Wi-Fi signal booster software WINSTAR WN572HP3 allows a perpetrator to execute arbitrary code.
The vulnerability of the CONTENT_LENGTH component in the /cgi-bin/upload.cgi file of the Wi-Fi signal booster software WINSTAR WN572HP3 is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the openDCIM software for managing data centers’ infrastructure lies in the lack of authentication procedures, which allows unauthorized users to gain access to protected information.
The vulnerability of the openDCIM software for managing data infrastructure is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability affects the implementations of the Internet Key Exchange (IKEv1) protocol in software-based remote access solutions such as Check Point Remote Access VPN, Check Point Mobile Access/SSL VPN, and the network interface layer of Check Point Spark. This vulnerability allows attackers to circumvent existing security restrictions and establish a VPN connection.
The vulnerability of the Internet Key Exchange IKEv1 protocol implementation in Check Point Remote Access VPN, Check Point Mobile Access/SSL VPN, and Check Point Spark network gateways is related to authentication procedures’ deficiencies. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the openDCIM software for managing data processing infrastructure lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the openDCIM software for managing data infrastructure is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, is related to insufficient resource control during its existence. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the OPNsense operating system, related to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary code.
The vulnerability of the OPNsense operating system is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the OpenVPN Client Import Workflow component of the GL.iNet GL-MT3000 router microsystem allows an intruder to inject arbitrary commands.
The vulnerability of the OpenVPN Client Import Workflow component of the GL.iNet GL-MT3000 router microsystem lies in the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...
The vulnerability of Keycloak’s client authentication mechanism in the UDS Identity Config configuration package allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the client authentication mechanism in the UDS Identity Config configuration package is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protecte...
The vulnerability of the RetrieveTokenData() function in the Portainer container management platform allows a hacker to increase their privileges.
The vulnerability of the RetrieveTokenData function in the Portainer container management platform is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
The vulnerability of QStar Archive Solutions’ software for working with archives lies in improper code generation management, allowing attackers to execute arbitrary code.
The vulnerability of the software for working with QStar Archive Solutions is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the IPv6 packet parser in the Inspect.sys driver of the Comodo Internet Security comprehensive information protection tool allows a hacker to cause a service failure.
The vulnerability of the IPv6 packet parser in the Inspect.sys driver of the Comodo Internet Security comprehensive information protection tool is related to a significant loss of importance. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the npm library eslint-config-prettier lies in the presence of undeclared features, which allows a malicious actor to execute arbitrary code.
The vulnerability of the npm library eslint-config-prettier is related to the presence of undeclared features. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the filestring() function in the nltk.util module of the NLTK natural language processing and statistics library allows attackers to read arbitrary files.
The vulnerability of the filestring function in the nltk.util module of the NLTK natural language processing and statistics library is related to an incorrect path limitation for the directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...
The vulnerability of the StanfordSegmenter module in the Natural Language Processing and statistics library package allows a hacker to execute arbitrary code.
The vulnerability of the StanfordSegmenter class in the NLTK library for symbolic and statistical processing of natural language is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the CorpusReader class in the NLTK library for symbolic and statistical processing of natural language allows a hacker to read arbitrary files.
The vulnerability of the CorpusReader class in the NLTK library for symbolic and statistical processing of natural language is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary fil...
The vulnerability of the ExtensionValue getData() function in the MessagePack NodeJS/JavaScript msgpackr implementation allows a hacker to cause a service failure.
The vulnerability of the ExtensionValue getData implementation in MessagePack NodeJS/JavaScript msgpackr is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the administrative interface of the Java Lucee virtual machine allows a perpetrator to execute arbitrary code.
The vulnerability of the administrative interface of the Java Lucee virtual machine’s scripting language is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Bitwarden password manager lies in the insufficient protection of its website structure, which allows attackers to execute XSS attacks.
The vulnerability of the Bitwarden password manager is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of tools for storing and delivering content within containers arises from deficiencies in authentication mechanisms, allowing unauthorized individuals to gain unauthorized access to protected information.
The vulnerability of the tools for storing and delivering content within containers like Distribution is related to deficiencies in authentication mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the HTTP Endpoint component in the /upload.cgi file of the BlackVue Dashcam 590X software allows a violator to trigger a service failure.
The vulnerability of the HTTP Endpoint component of the /upload.cgi file in the BlackVue Dashcam 590X firmware is related to access control errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the openDCIM software for managing data center infrastructure lies in its lack of mechanisms to neutralize certain special elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the openDCIM software for managing data centers’ infrastructure is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...