90104 matches found
The vulnerability of the Media components in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the Media components in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the PraisonAI framework, related to the lack of authentication for critical functions, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PraisonAI framework is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the sub_41CF20() function in the /boafrm/formUSSDSetup file of the D-Link DWR-M920 router’s microprogramming software allows a hacker to inject arbitrary commands.
The vulnerability of the sub_41CF20 function in the /boafrm/formUSSDSetup file of the D-Link DWR-M920 router’s microprogramming system is related to the lack of measures taken to neutralize special elements in the output data. Exploiting this vulnerability allows a remote attacker to inject...
The vulnerability of the sub_412DA0() function in the /boafrm/formIMEISetup file of the D-Link DWR-M920 router’s microprogramming software allows an intruder to inject arbitrary commands.
The vulnerability of the sub_412DA0 function in the /boafrm/formIMEISetup file of the D-Link DWR-M920 router’s microprogramming system is related to the lack of measures taken to protect data at the control level. Exploiting this vulnerability could allow a malicious actor to inject arbitrary...
The vulnerability of Keycloak’s client authentication mechanism in the UDS Identity Config configuration package allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the client authentication mechanism in the UDS Identity Config configuration package is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protecte...
The vulnerability of the Cronet web component in Google Chrome allows a hacker to replace the domain name.
The vulnerability of the Cronet web component of Google Chrome is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to replace a domain name using a specially created domain name...
The vulnerability of the CONTENT_LENGTH component in the /cgi-bin/upload.cgi file of the Wi-Fi signal booster software WINSTAR WN572HP3 allows a perpetrator to execute arbitrary code.
The vulnerability of the CONTENT_LENGTH component in the /cgi-bin/upload.cgi file of the Wi-Fi signal booster software WINSTAR WN572HP3 is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the openDCIM software for managing data processing infrastructure lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the openDCIM software for managing data infrastructure is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the FileBrowser Quantum file manager, related to incorrect restrictions on the path name of the restricted directory, allows a hacker to delete any files from the system.
The vulnerability of the FileBrowser Quantum file manager is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a remote attacker to delete any files from the system...
The vulnerability of the OPNsense operating system, related to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary code.
The vulnerability of the OPNsense operating system is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Microsoft Exchange Online for corporate email services stems from deficiencies in the authentication process, which allows attackers to disclose sensitive information.
The vulnerability of Microsoft Exchange Online for corporate email services is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
The vulnerability of the Extensions component of Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge is related to a data source confirmation error. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of the Payments component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.
The vulnerability of the Payments component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability could allow a malicious actor to replace the user interface...
The vulnerability of the filestring() function in the nltk.util module of the NLTK natural language processing and statistics library allows attackers to read arbitrary files.
The vulnerability of the filestring function in the nltk.util module of the NLTK natural language processing and statistics library is related to an incorrect path limitation for the directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...
The vulnerability of the openDCIM software for managing data centers’ infrastructure lies in the lack of authentication procedures, which allows unauthorized users to gain access to protected information.
The vulnerability of the openDCIM software for managing data infrastructure is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the npm library eslint-config-prettier lies in the presence of undeclared features, which allows a malicious actor to execute arbitrary code.
The vulnerability of the npm library eslint-config-prettier is related to the presence of undeclared features. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the FUN_0042e200() function in the /cgi-bin/glc file of the GL.iNet GL-MT3000 router’s microprogramming software allows an intruder to inject arbitrary commands.
The vulnerability of the FUN_0042e200 function in the /cgi-bin/glc module of the GL.iNet GL-MT3000 router’s microprogramming system is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to inject arbitrary...
The vulnerability of tools for storing and delivering content within containers arises from deficiencies in authentication mechanisms, allowing unauthorized individuals to gain unauthorized access to protected information.
The vulnerability of the tools for storing and delivering content within containers like Distribution is related to deficiencies in authentication mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the openDCIM software for managing data center infrastructure lies in its lack of mechanisms to neutralize certain special elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the openDCIM software for managing data centers’ infrastructure is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the administrative interface of the Java Lucee virtual machine allows a perpetrator to execute arbitrary code.
The vulnerability of the administrative interface of the Java Lucee virtual machine’s scripting language is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Google Chrome and Microsoft Edge browsers, related to a data source confirmation error, allows attackers to circumvent security restrictions.
The vulnerability of Google Chrome and Microsoft Edge is related to a data source confirmation error during the processing of DOM objects. Exploiting this vulnerability can allow an attacker to bypass security restrictions remotely...
The vulnerability of the IPv6 packet parser in the Inspect.sys driver of the Comodo Internet Security comprehensive information protection tool allows a hacker to cause a service failure.
The vulnerability of the IPv6 packet parser in the Inspect.sys driver of the Comodo Internet Security comprehensive information protection tool is related to a significant loss of importance. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability affects the implementations of the Internet Key Exchange (IKEv1) protocol in software-based remote access solutions such as Check Point Remote Access VPN, Check Point Mobile Access/SSL VPN, and the network interface layer of Check Point Spark. This vulnerability allows attackers to circumvent existing security restrictions and establish a VPN connection.
The vulnerability of the Internet Key Exchange IKEv1 protocol implementation in Check Point Remote Access VPN, Check Point Mobile Access/SSL VPN, and Check Point Spark network gateways is related to authentication procedures’ deficiencies. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the StanfordSegmenter module in the Natural Language Processing and statistics library package allows a hacker to execute arbitrary code.
The vulnerability of the StanfordSegmenter class in the NLTK library for symbolic and statistical processing of natural language is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the OpenVPN Client Import Workflow component of the GL.iNet GL-MT3000 router microsystem allows an intruder to inject arbitrary commands.
The vulnerability of the OpenVPN Client Import Workflow component of the GL.iNet GL-MT3000 router microsystem lies in the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...
The vulnerability of QStar Archive Solutions’ software for working with archives lies in improper code generation management, allowing attackers to execute arbitrary code.
The vulnerability of the software for working with QStar Archive Solutions is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, is related to insufficient resource control during its existence. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the consumePhrase() function in the Go programming language allows a hacker to trigger a service failure.
The vulnerability of the consumePhrase function in the Go programming language is related to insufficient validation of input data during the analysis of email addresses. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the server.auth.getAuthorizationToken() function in the Ollama system for running and managing large language models (LLMs) allows a hacker to bypass existing security mechanisms.
The vulnerability of the server.auth.getAuthorizationToken function in the Ollama system for running and managing large language models is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor to bypass existing security measures...
The vulnerability of the Go tool pack command language allows a perpetrator to gain access to read and write arbitrary files.
The vulnerability of the Go tool pack command language is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to read and write arbitrary files...
The vulnerability of the Zimbra Collaboration Suite’s corporate email management system, related to the, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the of inter-site requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the FedCM component in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the FedCM component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the Web application network firewall library OWASP Coraza WAF lies in the use of a name with an incorrect reference. This allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Web application firewall library OWASP Coraza WAF is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Next.js software platform for creating web applications stems from the occurrence of interpretation conflicts, which allow attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of the Next.js web application development software platform is related to the occurrence of interpretation conflicts. Exploiting this vulnerability allows a malicious actor to compromise the integrity and accessibility of the protected information...
The vulnerability of the ParseLibSymbols() function in the 7-Zip archive viewer allows a hacker to disclose protected information.
The vulnerability of the ParseLibSymbols function in the 7-Zip archive viewer is related to reading data beyond the permitted range of memory. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the Printing component in Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Printing component in Google Chrome and Microsoft Edge relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the microprogramming software of the Qualcomm QSC family, related to deficiencies in authentication procedures, allows a perpetrator to execute arbitrary code.
The vulnerability of the microprogramming software in the Qualcomm QSC family is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the LibreChat artificial intelligence-based platform, related to an error in processing exceptional states at the final `/api/convos` endpoint, allows a violator to trigger a service failure.
The vulnerability of the LibreChat artificial intelligence-based platform is related to an error in processing exceptional states at the final endpoint /api/convos. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the golang-x-image package, a programming language, allows attackers to trigger a service failure.
The vulnerability of the golang-x-image package, a programming language, is related to unlimited resource distribution. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge allows a hacker to bypass the sandboxing protection mechanism.
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to bypass the sandboxing protection mechanisms...
The vulnerability of the ReadBlock() function in the SquashFS file processor of the 7-Zip archive creator allows a hacker to disclose protected information or cause service failures.
The vulnerability of the ReadBlock function, a handler for the SquashFS file compressor used by 7-Zip, relates to reading data outside of the permitted range in memory. Exploiting this vulnerability could allow an attacker to disclose sensitive information or cause service failures...
The vulnerability of the Zimbra Collaboration Suite’s email management system, related to incorrect restrictions on XML links to external objects, allows attackers to carry out XXE attacks.
The vulnerability of the Zimbra Collaboration Suite email management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of the DOM component in the Firefox web browser, the Firefox ESR web browser, and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...
The vulnerability of the search function in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the search function in Google Chrome and Microsoft Edge is related to a violation of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the Zimbra Collaboration Suite’s email management system lies in the lack of measures to neutralize special elements in LDAP requests. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the failure to take measures to neutralize special elements in the LDAP request. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge allows a hacker to replace the user interface.
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to replace the user interface using a specially created Chrome extension...
The vulnerability of the Tlon plugin (Urbit), which targets the AI agent OpenClaw (previously ClawdBot or MoltBot), allows a hacker to perform an SSRF attack.
The vulnerability of the Tlon plugin Urbit, which is part of the AI agent OpenClaw previously known as ClawdBot or MoltBot, stems from insufficient validation of requests on the server side. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the Navigation section in Microsoft Edge and Google Chrome browsers allows a hacker to bypass existing security mechanisms.
The vulnerability of the Navigation section in Microsoft Edge and Google Chrome is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to bypass existing security measures remotely...
The vulnerability of the SiteIsolation component in Google Chrome and Microsoft Edge allows a hacker to bypass security restrictions.
The vulnerability of the SiteIsolation component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...