90336 matches found
The vulnerability of the NTFS reparse point mechanism in Samba software, which allows a hacker to modify arbitrary files
The vulnerability of the NTFS reparse point mechanism in Samba software is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to modify arbitrary files...
The vulnerability of the software for working with DAEMON Tools Lite images stems from the presence of dangerous, undeclared features, which allow a hacker to bypass existing security restrictions.
The vulnerability of the software for working with DAEMON Tools Lite discs is related to the presence of dangerous, undeclared features. Exploiting this vulnerability can allow a remote attacker to bypass existing security restrictions...
The vulnerability of the Trend Micro Apex One antivirus software agent allows a hacker to increase their privileges.
The vulnerability of the Trend Micro Apex One antivirus software agent is related to a data source verification error. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Open WebUI web interface, related to deficiencies in the authentication process, allows attackers to circumvent existing security restrictions.
The vulnerability of the Open WebUI web interface, based on artificial intelligence, is related to deficiencies in the authentication process when processing the bypassfilter parameter for endpoints like /openai/chat/completions and /ollama/api/chat. Exploiting this vulnerability allows a malicio...
The vulnerability of the `insert_new_feedback()` function in the Open WebUI AI-based web interface allows a violator to gain access to and modify data.
The vulnerability of the insertnewfeedback function in the Open WebUI AI-based web interface is related to the incorrect order of dictionary merging. Exploiting this vulnerability could allow an attacker to gain read and edit access to data...
The vulnerability of the Open WebUI web interface, related to deficiencies in the authentication process, allows a perpetrator to gain access to read and modify data.
The vulnerability of the Open WebUI web interface is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to read and modify data remotely...
The vulnerability in the Open WebUI web interface, related to bypassing authentication using a user-controlled key, allows attackers to gain unauthorized access to protected information.
The vulnerability in the Open WebUI web interface relates to bypassing authentication using a user-controlled key during the processing of the final endpoint /api/v1/notes/noteid. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability in the Audio/Video components of Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Audio/Video components in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the DOMPurify.sanitize() function in the Open WebUI AI-based web interface allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the DOMPurify.sanitize function in the Open WebUI AI-based web interface is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the Blitz Identity Provider software, related to the, allows a perpetrator to execute a CSRF attack.
The vulnerability of the Blitz Identity Provider software is related to the。 Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers allows a hacker to bypass the sandboxing protection mechanisms.
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to bypass the sandboxing protection mechanisms...
The vulnerability of the formWrlExtraSet() function in the Tenda F1202 router’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formWrlExtraSet function in the Tenda F1202 router’s microprogramming software is related to the issue of the operation exceeding the buffer boundaries in memory when processing the GO parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the SVG object processing mechanism in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of the SVG object processing mechanism in Google Chrome and Microsoft Edge lies in the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the fullscreen mode of Google Chrome and Microsoft Edge browsers allows a hacker to bypass the sandboxing protection mechanisms.
The vulnerability of the fullscreen mode of Google Chrome and Microsoft Edge browsers relates to the possibility of using memory after it is freed. Exploiting this vulnerability can allow a remote attacker to bypass the sandboxing protection mechanisms...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to induce a service failure.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ServiceWorker interface in Google Chrome and Microsoft Edge browsers allows a hacker to bypass existing security mechanisms.
The vulnerability of the ServiceWorker interface in Google Chrome and Microsoft Edge is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to bypass existing security measures remotely...
Vulnerability of Google Chrome and Microsoft Edge browsers’ CSS components, allowing attackers to execute arbitrary code
The vulnerability of Google Chrome and Microsoft Edge browsers’ CSS components relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability in the Sanitizer API of Google Chrome and Microsoft Edge browsers allows a malicious actor to execute XSS attacks.
The vulnerability of the Sanitizer API on Google Chrome and Microsoft Edge browsers is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the GPO group policy management component of the Samba software, which allows a hacker to bypass existing security restrictions
The vulnerability of the GPO group policy management component of the Samba software is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent existing security restrictions...
The vulnerability in the net/bpf/test_run.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the net/bpf/testrun.c module in the Linux operating system is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the setPasswordCfg() function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK N300RH router’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the setPasswordCfg function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK N300RH router’s microprogramming software is related to the lack of data cleaning measures at the control level when processing the admpass parameter. Exploiting this vulnerability allows a malicio...
Vulnerability of the gdi_CacheToSurface() function in the RDP client FreeRDP, allowing a hacker to execute arbitrary code and cause service failure
The vulnerability of the gdiCacheToSurface function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause a service failure by sending specially crafted RDPGFX packets...
The vulnerability of the Trend Micro Apex One antivirus software agent allows a hacker to increase their privileges.
The vulnerability of the Trend Micro Apex One antivirus software agent is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Trend Micro Apex One antivirus software agent allows a hacker to increase their privileges.
The vulnerability of the Trend Micro Apex One antivirus software agent is related to a data source verification error. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the RoundCube Webmail email client lies in the lack of validation for incoming requests, allowing attackers to delete any files they desire.
The vulnerability of the RoundCube Webmail email client is related to the lack of validation for incoming requests. Exploiting this vulnerability could allow a malicious actor to delete any files at will...
The vulnerability of the preg_replace() function in the RoundCube Webmail email client allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the pregreplace function in the RoundCube Webmail email client is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of Azure Privileged Identity Management, a service for ensuring compatibility with Microsoft Azure Entra ID, allows a perpetrator to increase their privileges.
The vulnerability of Azure Privileged Identity Management, a service for ensuring compatibility between Microsoft Azure Entra IDs, involves bypassing authentication using a user-controlled key. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...
The vulnerability of the update_message_by_id() function in the Open WebUI AI-based web interface allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the updatemessagebyid function in the Open WebUI AI-based web interface relates to bypassing authentication using a key controlled by the user. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data...
The vulnerability in the Open WebUI web interface allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability in the Open WebUI web interface is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the XKMS (XML Key Management Specification) service in the Apache CXF web service framework allows a hacker to gain unauthorized access to protected information.
The vulnerability of the XKMS XML Key Management Specification service in the Apache CXF web service framework is related to the failure to take measures to eliminate special elements in LDAP requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized...
The vulnerability of the DOM components in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the DOM components in Google Chrome and Microsoft Edge relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Views component in Google Chrome and Microsoft Edge browsers allows attackers to bypass existing security mechanisms.
The vulnerability of the Views component in Google Chrome and Microsoft Edge relates to the ability to utilize memory after it is freed. Exploiting this vulnerability could allow a remote attacker to bypass existing security measures...
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers allows a hacker to read and write arbitrary files.
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to read and write arbitrary files remotely...
The vulnerability of the Speech component in Google Chrome and Microsoft Edge browsers allows attackers to perform spoofing attacks.
The vulnerability of the Speech component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...
The vulnerability of the Blink rendering module in Google Chrome and Microsoft Edge browsers allows a hacker to trigger a service failure.
The vulnerability of the Blink module in Google Chrome and Microsoft Edge browsers is related to external control over a web parameter that is assumed to be immutable. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the Cross-Origin-Opener-Policy (COOP) function in Google Chrome and Microsoft Edge allows a perpetrator to bypass existing security mechanisms.
The vulnerability of the Cross-Origin-Opener-Policy COOP function in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to bypass existing security mechanisms...
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant in operating systems like iOS, related to the lack of measures for cleaning incoming data, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant in operating systems like iOS stems from the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected informati...
The vulnerability of the validate_url() function in the Open WebUI AI-based web interface allows a attacker to perform an SSRF attack.
The vulnerability of the validateurl function in the Open WebUI AI-based web interface is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the RoundCube Webmail email client, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary code.
The vulnerability of the RoundCube Webmail client is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created SVG document...
The vulnerability of the LDAP and OAuth web interface implementation based on Open WebUI allows a perpetrator to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of LDAP and OAuth web interfaces based on artificial intelligence Open WebUI is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges and gain unauthorized access to protected information...
The vulnerability of the microprogrammed network device products WildFire WF-500 and WildFire WF-500-B lies in improper external control of file names or file paths, allowing an intruder to gain access to read, modify, or delete files.
The vulnerability of the microprogrammed network device products WildFire WF-500 and WildFire WF-500-B lies in improper external control of the file name or file path. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to files...
The vulnerability of the Chromoting remote administration tool, which operates on Google Chrome and Microsoft Edge browsers, allows a hacker to execute arbitrary code.
The vulnerability of the Chromoting remote administration tool for Google Chrome and Microsoft Edge lies in the ability to exploit memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the bpf_prog_test_run_xdp() function in the net/bpf/test_run.c module, which is part of the networking functions in the Linux kernel, allows a hacker to cause a service failure.
The vulnerability of the bpfprogtestrunxdp function in the net/bpf/testrun.c module, which is part of the networking functions in the Linux kernel, relates to the failure to release resources after their useful life has ended. Exploiting this vulnerability could allow an attacker to cause service...
The vulnerability of the IKEv2 protocol implementation in the PAN-OS operating system allows a perpetrator to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the IKEv2 protocol implementation in the PAN-OS operating system is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to enhance their privileges, execute arbitrary code, or cause service failures...
The vulnerability of the Hyper-converged Infrastructure of Microsoft Azure Stack (HCI), which stems from insufficient validation of input data, allows attackers to disclose protected information.
The vulnerability of the Hyper-converged Infrastructure of Microsoft Azure Stack HCI is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge relates to external control over a web parameter that is assumed to be immutable. Exploiting this vulnerability could allow an attacker to disclose protected information...