90104 matches found
The vulnerability of the sub_41CF20() function in the /boafrm/formUSSDSetup file of the D-Link DWR-M920 router’s firmware allows a hacker to inject arbitrary commands.
The vulnerability of the sub_41CF20() function in the /boafrm/formUSSDSetup file of the D-Link DWR-M920 router’s firmware is related to the lack of measures taken to neutralize special elements in the output data. Exploiting this vulnerability allows a remote attacker to inject...
The vulnerability of the FUN_0042e200() function in the /cgi-bin/glc file of the GL.iNet GL-MT3000 router’s firmware allows an intruder to inject arbitrary commands.
The vulnerability of the FUN_0042e200() function in the /cgi-bin/glc module of the GL.iNet GL-MT3000 router’s firmware is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to inject arbitrary...
The vulnerability of the dlopen() function in the /usr/lib/oui-httpd/rpc library of the GL.iNet GL-MT3000 router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the dlopen() function in the /usr/lib/oui-httpd/rpc library of the GL.iNet GL-MT3000 router firmware is related to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...
The vulnerability of Keycloak’s client authentication mechanism in the UDS Identity Config configuration package allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the client authentication mechanism in the UDS Identity Config configuration package is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protecte...
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, is related to improper control of a resource through its lifetime. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability in the user interfaces of Microsoft Edge and Google Chrome allows a hacker to replace the interface with a specially created HTML page.
The vulnerability of Microsoft Edge and Google Chrome browser user interfaces is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to replace the interface with a specially created HTML page...
The vulnerability of QStar Archive Solutions’ software for working with archives lies in improper code generation management, allowing attackers to execute arbitrary code.
The vulnerability of the software for working with QStar Archive Solutions is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability affects the implementations of the Internet Key Exchange (IKEv1) protocol in software-based remote access solutions such as Check Point Remote Access VPN, Check Point Mobile Access/SSL VPN, and the network interface layer of Check Point Spark. This vulnerability allows attackers to circumvent existing security restrictions and establish a VPN connection.
The vulnerability of the Internet Key Exchange IKEv1 protocol implementation in Check Point Remote Access VPN, Check Point Mobile Access/SSL VPN, and Check Point Spark network gateways is related to authentication procedures’ deficiencies. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the IPv6 packet parser in the Inspect.sys driver of the Comodo Internet Security comprehensive information protection tool allows a hacker to cause a service failure.
The vulnerability of the IPv6 packet parser in the Inspect.sys driver of the Comodo Internet Security comprehensive information protection tool is related to a significant loss of importance. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the StanfordSegmenter module in the Natural Language Processing and statistics library package allows a hacker to execute arbitrary code.
The vulnerability of the StanfordSegmenter class in the NLTK library for symbolic and statistical processing of natural language is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the CONTENT_LENGTH component in the /cgi-bin/upload.cgi file of the Wi-Fi signal booster software WINSTAR WN572HP3 allows a perpetrator to execute arbitrary code.
The vulnerability of the CONTENT_LENGTH component in the /cgi-bin/upload.cgi file of the Wi-Fi signal booster software WINSTAR WN572HP3 is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the openDCIM software for managing data processing infrastructure lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the openDCIM software for managing data infrastructure is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of the “GEO: Categories and search for lists and business processes” module of the website content management system (CMS) 1C-Bitrix: Website management related to the failure to protect the SQL query structure, allowing attackers to execute arbitrary code
Vulnerability of the “GEO: Categories and search for lists and business processes” module of the website content management system CMS 1C-Bitrix: Website management involves failing to protect the SQL query structure. Exploiting this vulnerability may allow a malicious actor to execute arbitrary...
The vulnerability of the Bitwarden password manager lies in the insufficient protection of its website structure, which allows attackers to execute XSS attacks.
The vulnerability of the Bitwarden password manager is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the Media components in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the Media components in Google Chrome and Microsoft Edge is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Model.load_model() function in the Keras library allows a hacker to execute arbitrary code.
The vulnerability of the Model.load_model() function in the Keras library is related to insufficient control over resources with dynamic management. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the snprintf() function in the /cgi-bin/glc file of the GL.iNet GL-MT3000 router’s firmware allows a hacker to inject arbitrary commands.
The vulnerability of the snprintf() function in the /cgi-bin/glc file of the GL.iNet GL-MT3000 router’s firmware is related to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...
The vulnerability of the CorpusReader class in the NLTK library for symbolic and statistical processing of natural language allows a hacker to read arbitrary files.
The vulnerability of the CorpusReader class in the NLTK library for symbolic and statistical processing of natural language is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary fil...
The vulnerability of the load_data() function in the llama_index/readers/obsidian/base.py file of the ObsidianReader plugin allows an intruder to gain unauthorized access to protected information.
The vulnerability of the load_data() function in the llama_index/readers/obsidian/base.py file of the ObsidianReader plugin is related to path traversal. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the sub_412DA0() function in the /boafrm/formIMEISetup file of the D-Link DWR-M920 router’s firmware allows an intruder to inject arbitrary commands.
The vulnerability of the sub_412DA0() function in the /boafrm/formIMEISetup file of the D-Link DWR-M920 router’s firmware is related to the lack of measures taken to protect data at the control level. Exploiting this vulnerability could allow a malicious actor to inject arbitrary...
The vulnerability of the filestring() function in the nltk.util module of the NLTK natural language processing and statistics library allows attackers to read arbitrary files.
The vulnerability of the filestring function in the nltk.util module of the NLTK natural language processing and statistics library is related to an incorrect path limitation for the directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...
The vulnerability of the ExtensionValue getData() function in the MessagePack NodeJS/JavaScript msgpackr implementation allows a hacker to cause a service failure.
The vulnerability of the ExtensionValue getData implementation in MessagePack NodeJS/JavaScript msgpackr is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the HTTP Endpoint component in the /upload.cgi file of the BlackVue Dashcam 590X software allows a violator to trigger a service failure.
The vulnerability of the HTTP Endpoint component of the /upload.cgi file in the BlackVue Dashcam 590X firmware is related to access control errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the openDCIM software for managing data center infrastructure lies in its lack of mechanisms to neutralize certain special elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the openDCIM software for managing data centers’ infrastructure is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Microsoft Exchange Online for corporate email services stems from deficiencies in the authentication process, which allows attackers to disclose sensitive information.
The vulnerability of Microsoft Exchange Online for corporate email services is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
The vulnerability of Google Chrome and Microsoft Edge browsers, related to a data source confirmation error, allows attackers to circumvent security restrictions.
The vulnerability of Google Chrome and Microsoft Edge is related to a data source confirmation error during the processing of DOM objects. Exploiting this vulnerability can allow an attacker to bypass security restrictions remotely...
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers on Windows operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers on Windows operating systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected informatio...
The vulnerability of the command-line interface of the Cisco Catalyst SD-WAN Manager allows an attacker to execute arbitrary code and elevate their privileges to root level.
The vulnerability of the command-line interface of the Cisco Catalyst SD-WAN Manager is related to incorrect encoding or filtering of output data. Exploiting this vulnerability allows an attacker to execute arbitrary code and elevate their privileges to the root level...
The vulnerability of the Parse function in the UDF format file archiver 7-Zip allows attackers to exploit it to disclose protected information.
The vulnerability of the Parse function in the UDF format file processing tool of the 7-Zip archive manager is related to reading data beyond the allowed range of memory. Exploiting this vulnerability allows a remote attacker to disclose the protected information...
The vulnerability of the Next.js software platform for creating web applications relates to bypassing authentication by using an alternative path or channel, allowing a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Next.js web application development software platform relates to bypassing authentication by using an alternative path or channel. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Next.js web application development software platform, related to the loading of unreliable external data alongside reliable data, allows attackers to trigger service failures.
The vulnerability of the Next.js web application development platform lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...
The vulnerability of the _gcry_ecc_mont_decodepoint function in the cipher/ecc-misc.c file of the Libgcrypt cryptographic library allows a perpetrator to trigger a service denial.
The vulnerability of the _gcry_ecc_mont_decodepoint function in the cipher/ecc-misc.c file of the cryptographic library Libgcrypt is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the aa_replace_profiles function in the Linux operating system’s kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the aa_replace_profiles function in the Linux operating system’s kernel is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the DSP firmware service in Qualcomm’s embedded chips allows attackers to disclose protected information.
The vulnerability of the DSP firmware in Qualcomm’s embedded chips lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Windows WLAN Host firmware components in Qualcomm’s embedded chips allows a hacker to trigger memory corruption.
The vulnerability of the Windows WLAN Host firmware in embedded Qualcomm devices is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow an attacker to cause memory corruption...
The vulnerability of the Camera component in the firmware of Qualcomm’s integrated chips allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Camera component in the firmware of Qualcomm-internal chips is related to unreliable pointer assignment. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Briefcase feature in the Zimbra Collaboration Suite email management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the Briefcase feature in the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
The vulnerability of the server.auth.getAuthorizationToken() function in the Ollama system for running and managing large language models (LLMs) allows a hacker to bypass existing security mechanisms.
The vulnerability of the server.auth.getAuthorizationToken function in the Ollama system for running and managing large language models is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor to bypass existing security measures...
The vulnerability in the `src/auto-reply/reply/commands-approve.ts` script of the AI agent OpenClaw (previously known as ClawdBot or MoltBot) allows a violator to bypass existing security mechanisms.
The vulnerability in the `src/auto-reply/reply/commands-approve.ts` script of the AI agent OpenClaw (previously known as ClawdBot or MoltBot) is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass existing security mechanisms...
The vulnerability of the Tlon plugin (Urbit), which targets the AI agent OpenClaw (previously ClawdBot or MoltBot), allows a hacker to perform an SSRF attack.
The vulnerability of the Tlon plugin (Urbit), which is part of the AI agent OpenClaw (previously known as ClawdBot or MoltBot), stems from insufficient validation of requests on the server side. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the OAuth authorization protocol implemented by the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) allows an attacker to perform a CSRF attack.
The vulnerability of the OAuth authorization protocol implementation of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the Printing component in Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Printing component in Google Chrome and Microsoft Edge relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information...
The vulnerability of the Cast component in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to protected information.
The vulnerability of the Cast component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Cast component in Google Chrome and Microsoft Edge browsers allows attackers to elevate their privileges.
The vulnerability of the Cast component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through a specially created HTML page...
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge allows a hacker to replace the user interface.
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to replace the user interface using a specially created Chrome extension...
The vulnerability of the user interface (UI) of Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the user interface of Google Chrome and Microsoft Edge is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTML page...
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the sub_41C8E8() function in the D-Link DWR-M920 router firmware allows a hacker to execute arbitrary code.
The vulnerability of the sub_41C8E8() function in the D-Link DWR-M920 router firmware is related to the lack of measures taken to clean data at the control level when processing the actionvalue parameter. Exploiting this vulnerability can allow a remote attacker to execute arbitrary cod...
The vulnerability of the OpenCapsule function in UEFI capsule file parsers and 7-Zip archivers allows a hacker to disclose protected information.
The vulnerability of the OpenCapsule function in UEFI capsule file parsers and 7-Zip archivers is related to the use of uninitialized resources. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
The vulnerability in the email template description of the state module and the Webmin control panel of the hosting system allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the email template description field in the state module of the Webmin hosting control panel is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...