90104 matches found
The vulnerability of the server.auth.getAuthorizationToken() function in the Ollama system for running and managing large language models (LLMs) allows a hacker to bypass existing security mechanisms.
The vulnerability of the server.auth.getAuthorizationToken function in the Ollama system for running and managing large language models is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor to bypass existing security measures...
The vulnerability of the Tlon plugin (Urbit), which targets the AI agent OpenClaw (previously ClawdBot or MoltBot), allows a hacker to perform an SSRF attack.
The vulnerability of the Tlon plugin Urbit, which is part of the AI agent OpenClaw previously known as ClawdBot or MoltBot, stems from insufficient validation of requests on the server side. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the Preload function in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Preload function in Google Chrome and Microsoft Edge is related to a violation of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML pag...
The vulnerability of the user interface (UI) of Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the user interface of Google Chrome and Microsoft Edge is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTML page...
The vulnerability of the CHandler::GetSecurity() function, a handler for WIM archives of the 7-Zip archive creator, allows a perpetrator to cause a service failure or disclose confidential information.
The vulnerability of the CHandler::GetSecurity function, a handler for WIM archives of the 7-Zip archive tool, is related to reading data beyond the allowed range of memory. Exploiting this vulnerability could allow an attacker to cause service failures or disclose confidential information...
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge allows a hacker to replace the user interface.
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to replace the user interface using a specially created Chrome extension...
The vulnerability of the AuthZ plugin of the container isolation system creation software Moby allows a hacker to increase their privileges.
The vulnerability of the AuthZ plugin of the container isolation system Moby allows for bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability can enable a hacker to gain increased privileges...
The vulnerability of the Zimbra Collaboration Suite’s email management system lies in the lack of measures to neutralize special elements in LDAP requests. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the failure to take measures to neutralize special elements in the LDAP request. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the LibreChat artificial intelligence-based platform, related to an error in processing exceptional states at the final `/api/convos` endpoint, allows a violator to trigger a service failure.
The vulnerability of the LibreChat artificial intelligence-based platform is related to an error in processing exceptional states at the final endpoint /api/convos. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Cast component in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to protected information.
The vulnerability of the Cast component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge allows a hacker to bypass the sandboxing protection mechanism.
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to bypass the sandboxing protection mechanisms...
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerability of the “iHead: Logs” module of the CMS system for 1C-Bitrix: Website management related to lack of measures to protect the website structure, allowing attackers to execute arbitrary code.
Vulnerability of the “iHead: Logs” module in the Content Management System CMS of 1C-Bitrix: Website management is related to the failure to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the _gcry_ecc_mont_decodepoint function in the cipher/ecc-misc.c file of the Libgcrypt cryptographic library allows a perpetrator to trigger a service denial.
The vulnerability of the gcryeccmontdecodepoint function in the cipher/ecc-misc.c file of the cryptographic library Libgcrypt is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the apparmor component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the apparmor component in the Linux operating system’s kernel is related to an uncontrolled recursion. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Web application network firewall library OWASP Coraza WAF lies in the use of a name with an incorrect reference. This allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Web application firewall library OWASP Coraza WAF is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the Zimbra Collaboration Suite’s corporate email management system, related to the, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the of inter-site requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the LibreChat artificial intelligence-based platform lies in its lack of mechanisms for processing input data that is recorded in system logs. This allows attackers to gain access and modify data in the logs.
The vulnerability of the LibreChat artificial intelligence-based platform is related to deficiencies in the mechanism for processing input data that is recorded in system logs. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify data in the log files...
The vulnerability of the Payments component in Google Chrome and Microsoft Edge browsers allows a hacker to manipulate the URL address bar by using a specially created HTML page.
The vulnerability of the Payments component in Google Chrome and Microsoft Edge is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to forge the URL input by using a specially created HTML page...
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the DevTools component in Google Chrome and Microsoft Edge is related to a breach of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the search function in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the search function in Google Chrome and Microsoft Edge is related to a violation of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...
The vulnerabilities of the functions ParseAddress(), ParseAddressList(), and ParseDate() in the Go programming language allow a hacker to cause a service failure.
The vulnerability of the ParseAddress, ParseAddressList, and ParseDate functions in the Go programming language is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Navigation section in Microsoft Edge and Google Chrome browsers allows a hacker to bypass existing security mechanisms.
The vulnerability of the Navigation section in Microsoft Edge and Google Chrome is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to bypass existing security measures remotely...
The vulnerability of the ML lifecycle management platform, related to the shortcomings in the authentication process, allows a perpetrator to execute arbitrary code.
The vulnerability of the ML model lifecycle management platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Next.js software platform for creating web applications stems from the occurrence of interpretation conflicts, which allow attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of the Next.js web application development software platform is related to the occurrence of interpretation conflicts. Exploiting this vulnerability allows a malicious actor to compromise the integrity and accessibility of the protected information...
The vulnerability of the DSP microprogramming software service in Qualcomm’s embedded chips allows attackers to disclose protected information.
The vulnerability of the DSP microprogramming system in Qualcomm’s embedded chips lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Printing component in Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Printing component in Google Chrome and Microsoft Edge relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the Chromoting component in Google Chrome and Microsoft Edge browsers allows attackers to increase their privileges.
The vulnerability of the Chromoting component in Google Chrome and Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through the use of a malicious file...
The vulnerability of the `net.Dial()` and `net.LookupPort()` functions in the Go programming language for Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the net.Dial and net.LookupPort functions in the Go programming language for Windows operating systems is related to the use of pointers. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the Go tool pack command language allows a perpetrator to gain access to read and write arbitrary files.
The vulnerability of the Go tool pack command language is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to read and write arbitrary files...
The vulnerability of the Reading Mode in Microsoft Edge and Google Chrome browsers, which allows a hacker to bypass the sandbox protection mechanism
The vulnerability of the Reading Mode in Microsoft Edge and Google Chrome is related to insufficient validation of entered data. Exploiting this vulnerability can allow a remote attacker to bypass the sandbox’s security mechanisms...
The vulnerability of the golang-x-image package, a programming language, allows attackers to trigger a service failure.
The vulnerability of the golang-x-image package, a programming language, is related to unlimited resource distribution. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the `tunnel.allowNgrokFreeTierLoopbackBypass` parameter. This vulnerability is exploited by an AI agent named OpenClaw (previously known as ClawdBot or MoltBot), allowing attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the tunnel.allowNgrokFreeTierLoopbackBypass parameter is related to the AI agent OpenClaw previously ClawdBot or MoltBot. This vulnerability stems from the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to...
The vulnerability of the GPU components in Google Chrome and Microsoft Edge allows a hacker to gain unauthorized access to protected information.
The vulnerability of the GPU components in Google Chrome and Microsoft Edge is related to the use of uninitialized variables. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the Windows WLAN Host microprogramming system components in Qualcomm’s embedded chips allows a hacker to trigger memory corruption.
The vulnerability of the Windows WLAN Host microprogramming software in embedded Qualcomm devices is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow an attacker to cause memory corruption...
The vulnerability of the microprogramming software of the Qualcomm QSC family, related to deficiencies in authentication procedures, allows a perpetrator to execute arbitrary code.
The vulnerability of the microprogramming software in the Qualcomm QSC family is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Zimbra Collaboration Suite’s email management system, related to incorrect restrictions on XML links to external objects, allows attackers to carry out XXE attacks.
The vulnerability of the Zimbra Collaboration Suite email management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of the DOM component in the Firefox web browser, the Firefox ESR web browser, and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...
The vulnerability of the Cast component in Google Chrome and Microsoft Edge browsers allows attackers to bypass existing security restrictions.
The vulnerability of the Cast component in Google Chrome and Microsoft Edge relates to a flaw in data protection mechanisms. Exploiting this vulnerability allows an attacker to bypass existing security restrictions through a specially created HTML page...
The vulnerability of the AdFilter component in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the AdFilter component in Google Chrome and Microsoft Edge relates to reading data beyond the permitted range in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page from a remote location...
The vulnerability of the FedCM component in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the FedCM component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the WebRTC component in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the WebRTC component in Google Chrome and Microsoft Edge relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code through a specially created HTML page...
The vulnerability of the Parse function in the UDF format file archiver 7-Zip allows attackers to exploit it to disclose protected information.
The vulnerability of the Parse function in the UDF format file processing tool of the 7-Zip archive manager is related to reading data beyond the allowed range of memory. Exploiting this vulnerability allows a remote attacker to disclose the protected information...
The vulnerability of the ParseLibSymbols() function in the 7-Zip archive viewer allows a hacker to disclose protected information.
The vulnerability of the ParseLibSymbols function in the 7-Zip archive viewer is related to reading data beyond the permitted range of memory. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the ParseDependencyExpression() function in the 7-Zip UEFI dependency parser allows a attacker to cause a service failure.
The vulnerability of the ParseDependencyExpression function in the 7-Zip UEFI dependency parser involves reading data beyond the permitted range of memory. Exploiting this vulnerability could allow a malicious actor to cause system failures...
The vulnerability of the Next.js web application development software platform, related to the loading of unreliable external data alongside reliable data, allows attackers to trigger service failures.
The vulnerability of the Next.js web application development platform lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...
The vulnerability of the aa_replace_profiles function in the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the aareplaceprofiles function in the Linux operating system’s kernel is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the ReadBlock function in the SquashFS file processor and 7-Zip archive creator allows a hacker to disclose confidential information.
The vulnerability of the ReadBlock function in the SquashFS file compressor and 7-Zip archive creator relates to reading data outside of the allowed range in memory. Exploiting this vulnerability could allow a malicious actor to disclose confidential information...
The vulnerability in the Firefox web browser and the Thunderbird email client relates to the issue of allowing operations beyond the buffer in memory, enabling a hacker to execute arbitrary code.
The vulnerability in the Firefox web browser and the Thunderbird email client relates to the escape of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to insufficient validation of requests on the server side. Exploiting this vulnerabilit...