90336 matches found
The vulnerability of the aiohttp HTTP client, related to the lack of protection for service data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the aiohttp HTTP client is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability in the Open WebUI web interface, related to the unlimited loading of dangerous type files, allows attackers to bypass existing security mechanisms and load any files they desire.
The vulnerability of the Open WebUI web interface is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms and load any desired files...
The vulnerability of the validate_url() function (backend/open_webui/retrieval/web/utils.py) in the Open WebUI AI-based web interface allows a attacker to perform an SSRF attack.
The vulnerability of the validateurl function backend/openwebui/retrieval/web/utils.py in the Open WebUI AI-based web interface is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the validate_url() function (backend/open_webui/retrieval/web/utils.py) in the Open WebUI AI-based web interface allows a attacker to perform an SSRF attack.
The vulnerability of the validateurl function backend/openwebui/retrieval/web/utils.py in the Open WebUI AI-based web interface is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the PDF-generation function in the Open WebUI web interface allows a attacker to perform an SSRF attack.
The vulnerability of the PDF file generation function in the Open WebUI web interface is related to insufficient validation of requests at the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability in the Open WebUI web interface, related to the lack of protective measures for website structures, allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the Open WebUI web interface is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS using a specially created URL address...
The vulnerability of the LXD container management system, which stems from the failure to eliminate certain special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the LXD container management system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Packetbeat network packet analyzer, related to reading beyond the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the Packetbeat network packet analyzer is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the Packetbeat network packet analyzer, related to unvalidated array indexing, allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Packetbeat network packet analyzer is related to unvalidated array indexing. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Metricbeat monitoring tool, related to uncontrolled memory distribution, allows a attacker to trigger a service failure.
The vulnerability of the Metricbeat monitoring tool is related to uncontrolled memory allocation. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of theOTP library set in the Erlang programming language, related to deficiencies in handling http requests, allows attackers to carry out attacks by replacing HTTP requests.
The vulnerability of theOTP library in the Erlang programming language is related to deficiencies in handling http requests. Exploiting this vulnerability allows a malicious actor to carry out attacks by replacing HTTP requests...
The vulnerability of the web framework and the asynchronous network library Tornado, related to improper handling of special elements, allows a perpetrator to execute arbitrary code.
The vulnerability of the web framework and the asynchronous network library Tornado is related to improper handling of special elements. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the modular interface between web servers and web applications in Rack, related to the lack of protective measures for the web page structure, allows attackers to execute arbitrary code.
The vulnerability of the modular interface between web servers and Rack web applications is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the PDF processing library PyPDF2, related to excessive iteration, allows a hacker to trigger a service failure.
The vulnerability of the PyPDF2 library for processing PDF files is related to excessive iteration. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the PyPDF2 library for processing PDF files, which stems from the use of a regular expression with inefficient computational complexity, allows attackers to trigger service failures.
The vulnerability of the PyPDF2 library for processing PDF files relates to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker operating remotely to cause service interruptions...
The vulnerability of the get_status() function in the Open WebUI web interface allows a hacker to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the getstatus function in the Open WebUI web interface is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory, which allows an attacker to cause a service failure.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird involve reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow a remote attacker to cause service interruptions...
The vulnerability of the PowerDNS software, related to insufficient resource control during its existence, allows a hacker to cause a service failure.
The vulnerability of the PowerDNS software is related to insufficient resource control during its existence. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the activesupport component in the Ruby on Rails software framework allows a hacker to trigger a service failure.
The vulnerability of the activesupport component in the Ruby on Rails software framework is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Gimp image processing library, related to buffer overflow in dynamic memory, allows an attacker to execute arbitrary code.
The vulnerability of the Gimp image processing library is related to overflow in the dynamic memory buffer. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Go programming language, related to errors in type mixing, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to type mixing errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the node-tar library on the Node.js software platform allows attackers to gain unauthorized access to protected information.
The vulnerability of the node-tar library in the Node.js software platform is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Python library for working with PDF files, PyPDF, relates to the execution of a loop with an unreachable exit condition, allowing a hacker to cause a service failure.
The vulnerability of the Python library for working with PDF files, PyPDF, is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the minimatch library on the Node.js software platform, which allows a hacker to cause a service failure.
The vulnerability of the minimatch library on the Node.js software platform is related to its algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Prisma SD-WAN ION network management tool, related to the lack of input data verification for cyclic operations, allows a attacker to trigger a service failure.
The vulnerability of the Prisma SD-WAN ION network management tool is related to the lack of validation for input data during cyclical operations. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the formPPPoESetup function in the goform/formPPPoESetup file of the POST Request Handler component of the Edimax BR-6675nD wireless signal amplifiers’ microprogramming system, which allows a hacker to cause a service failure.
The vulnerability of the formPPPoESetup function in the goform/formPPPoESetup file of the POST Request Handler component of the wireless signal amplifiers’ microprogramming system Edimax BR-6675nD is related to the issue of the operation exceeding the buffer boundaries in memory when processing t...
The vulnerability of the formPPTPSetup function in the goform/formPPTPSetup file of the POST Request Handler component of the wireless signal amplifiers’ microprogramming system, Edimax BR-6675nD, allows a hacker to trigger a service failure.
The vulnerability of the formPPTPSetup function in the goform/formPPTPSetup file of the POST Request Handler component of the wireless signal amplifiers’ microprogramming system, Edimax BR-6675nD, is related to the operation of the function beyond the buffer in memory when processing the...
The vulnerability of the Prisma Access Agent, a user remote access agent for corporate resources and applications, stems from authentication procedures that have flaws. This allows attackers to enhance their privileges, gain read access to data, and execute arbitrary code.
The vulnerability of the Prisma Access Agent, a user remote access agent, relates to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges, gain read access to data, and execute arbitrary code...
The vulnerability of the Trust Protection Foundation’s key and certificate management mechanism, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary commands and gain access to read, modify, and delete data.
The vulnerability of the Trust Protection Foundation TPF key management and certificate management mechanisms is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary commands and gain access to read, modify...
The vulnerability of the Central Browser mode of the Glances monitoring tool allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Central Browser mode of the Glances monitoring tool is related to a lack of mechanism for verifying the source of the data. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability in the Open WebUI web interface, related to the manipulation of cross-site requests, allows a perpetrator to perform a CSRF attack or cause a service failure.
The vulnerability of the Open WebUI web interface is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack or cause a service failure...
The vulnerability of the Blitz Identity Provider software, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the Blitz Identity Provider software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the aiohttp HTTP client, related to deficiencies in request processing, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the aiohttp HTTP client is related to deficiencies in request processing. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely HTTP Request Smuggling attack...
The vulnerability in the set of libraries for the Erlang programming language relates to incorrect restrictions on the path name to the restricted access directory. This allows a intruder to gain unauthorized access to protected information.
The vulnerability in the set of libraries for the Erlang programming language relates to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the PDF processing library PyPDF2, related to algorithmic complexity, allows attackers to trigger a service failure.
The vulnerability of the PyPDF2 library for processing PDF files is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the bson_validate() function in the MongoDB database management system allows a hacker to trigger a service failure.
The vulnerability of the bsonvalidate function in the MongoDB database management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the node-tar library in the Node.js software platform arises from incorrect path name restrictions for restricted-access directories. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the node-tar library in the Node.js software platform is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to integer overflow, allows attackers to cause service failures.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to integer overflows. Exploiting these vulnerabilities can allow a malicious actor to cause service failures remotely...
The vulnerability of the Active Storage library for connecting cloud and local files to Rails applications involves an incorrect path name limitation for the restricted access directory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Active Storage library for connecting cloud and local files to Rails applications is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected...
The vulnerability of the activesupport component in the Ruby on Rails software framework allows a hacker to trigger a service failure.
The vulnerability of the activesupport component in the Ruby on Rails software framework is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the Active Storage component of the Ruby on Rails software framework allows attackers to execute arbitrary code.
The vulnerability of the Active Storage component in the Ruby on Rails software framework is related to insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ActionView component of the Ruby on Rails software platform allows attackers to execute arbitrary code.
The vulnerability of the ActionView component of the Ruby on Rails software platform is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Go programming language, which comes with unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Go programming language is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Go programming language, related to errors in the certificate validation process, allows a perpetrator to cause service failures.
The vulnerability of the Go programming language is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the Go programming language, related to the lack of measures taken to protect web page structures, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Go programming language lies in the incorrect definition of the link before accessing a file, which allows attackers to escalate their privileges.
The vulnerability of the Go programming language is related to the incorrect definition of the link before accessing a file. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the HDF5 library, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.
The vulnerability of the HDF5 library is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the package manager for Kubernetes Helm, related to an incorrect path name limitation for the restricted access directory, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the package manager for Kubernetes Helm is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a perpetrator to gain unauthorized access to protected information...
The vulnerability of the OCI Container Runtime (crun) environment, related to insecure management of privileges, allows attackers to escalate their privileges.
The vulnerability of the OCI Container Runtime crun environment is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the GlobalProtect portal and the GlobalProtect Gateway server of the PAN-OS operating system allows a hacker to bypass security restrictions.
The vulnerability of the GlobalProtect portal and the GlobalProtect Gateway server, which run on the PAN-OS operating system, stems from the use of cookies without proper validation and integrity checks. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions...