90509 matches found
The vulnerability of the Cookies component of the Google Chrome browser allows a violator to enhance their privileges.
The vulnerability of the Google Chrome browser’s Cookies component is related to the reliance on cookies without verifying their authenticity and integrity. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through a specially created HTML page...
The vulnerability of the NPM package manager vm2 library allows a hacker to execute arbitrary commands.
The vulnerability of the NPM package manager’s vm2 library is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from the lack of protective measures for website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the VoIP gateway software Telecom MG, related to deficiencies in authentication procedures, allows a perpetrator to bypass session authentication and reconfigure the gateway’s configuration.
The vulnerability of the VoIP gateway software of Telecom MG is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass session authentication checks and reconfigure the gateway settings...
The vulnerability of the professional video editing software Adobe Premiere Pro, related to recording beyond buffer limits, allows a hacker to execute arbitrary code.
The vulnerability of the professional video editing software Adobe Premiere Pro lies in the ability to record beyond the buffer limits. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted file...
The vulnerability of the Apache Tomcat application server arises from the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of the Apache Tomcat application server is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses...
The vulnerability of the Downloads component in the Google Chrome browser allows a hacker to increase their privileges.
The vulnerability of the Downloads component in the Google Chrome browser is related to a flaw in the data protection mechanism. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created HTML page...
The vulnerability of corporate email for VK WorkMail, related to insufficient input data verification, allows attackers to compromise the integrity of the protected information.
The vulnerability of corporate email for VK WorkMail is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...
The vulnerability of the NPM packet manager’s vm2 library allows attackers to bypass the sandbox’s security mechanisms.
The vulnerability of the NPM package manager’s vm2 library is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow a remote attacker to bypass the sandbox’s security mechanisms...
The vulnerability of the final point of the application software interface/api/v1/build_public_tmp/{flow_id}/flow, which is used for creating and deploying agents and processes in Langflow. This allows a perpetrator to execute arbitrary code.
The vulnerability of the endpoint of the application programming interface/api/v1/buildpublictmp/flowid/flow for creating and deploying Langflow agents and processes is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to execu...
The vulnerability of the VoIP gateway software Telecom MG, related to improper code generation, allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the VoIP gateway software of Telecom MG is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
The vulnerability of the row:search() and row:get() functions of the SeaTable Node component on the N8n automation platform allows unauthorized access to protected information.
The vulnerability of the row:search and row:get functions of the SeaTable Node component of the N8n automation platform relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected informatio...
The vulnerability of the Python Task Runner module of the N8n automation platform allows a hacker to bypass the sandbox protection mechanisms and execute arbitrary code.
The vulnerability of the Python Task Runner module of the N8n automation platform relates to improper code generation management. Exploiting this vulnerability allows a remote attacker to bypass the sandbox’s security mechanisms and execute arbitrary code...
The vulnerability of the Cast component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Cast component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the MediaRecording component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the MediaRecording component in Google Chrome browser relates to the ability to utilize memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code within the browser’s sandbox, using a specially created HTML page...
The vulnerability of the BaseHandler.getPrototypeOf() function in the vm2 package manager NPM allows a attacker to bypass the sandbox protection mechanisms and execute arbitrary code.
The vulnerability of the BaseHandler.getPrototypeOf function in the vm2 package manager’s NPM library is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to bypass the sandboxing mechanisms and execute arbitrary code...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from the lack of protective measures for website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Exchange Server servers stems from the lack of protective measures for website structures, allowing attackers to carry out spear-phishing attacks.
The vulnerability of Microsoft Exchange Server servers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the Apache Tomcat application server, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of the Apache Tomcat application server is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to gain increased privileges remotely...
The vulnerability of the PresentationAPI component in the Google Chrome browser allows a perpetrator to execute arbitrary code.
The vulnerability of Google Chrome’s PresentationAPI component relates to the ability to access memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code within the browser using a specially created HTML page...
The vulnerability of Nomad application orchestrators, related to incorrect definition of symbolic links before accessing files, allows attackers to gain read and write access to arbitrary files.
The vulnerability of Nomad application orchestrators is related to the incorrect definition of symbolic links before accessing files. Exploiting this vulnerability allows an attacker to gain access to and read/write arbitrary files...
The vulnerability of the exec2 task driver for Nomad, related to the incorrect definition of symbolic links before accessing files, allows a malicious actor to gain access to and read/write arbitrary files.
The vulnerability of the exec2 driver for Nomad is related to the incorrect definition of symbolic links before accessing files. Exploiting this vulnerability allows an attacker to gain access to and read/write arbitrary files...
The vulnerability of Nomad application orchestrators, related to incorrect restrictions on the path name to the catalog, allows attackers to execute arbitrary code.
The vulnerability of Nomad application orchestrators is related to incorrect restrictions on the path name to the catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of the Networking component: DNS browsers like Mozilla Firefox and the email client Thunderbird, which allow attackers to affect the accessibility of protected information.
The vulnerability of the Networking component: DNS browsers like Mozilla Firefox and the email client Thunderbird are vulnerable due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the accessibility of protected information...
The vulnerability of Mozilla Firefox web browsers and Thunderbird email client’s WebRTC component allows attackers to gain unauthorized access to protected information.
The vulnerability of the WebRTC component in Mozilla Firefox browsers and the Thunderbird email client is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Vulnerability of the DOM component: Security vulnerabilities in Mozilla Firefox browsers and Thunderbird email client, allowing attackers to circumvent existing security restrictions
The vulnerability of the DOM component: The security of Mozilla Firefox browsers and Thunderbird email client is related to a flaw in data protection mechanisms. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...
The vulnerability of the WebCodecs component in the Google Chrome web browser, which allows a hacker to disclose protected information
The vulnerability of the WebCodecs component in the Google Chrome web browser relates to reading data beyond the permitted range of memory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through a specially created HTML page...
Vulnerability of the Audio/Video component: The playback feature in Mozilla Firefox browsers and the Thunderbird email client allows attackers to trigger a service failure.
The vulnerability of the Audio/Video component: The playback functions of Mozilla Firefox browsers and the Thunderbird email client are vulnerable to a resource consumption issue that is not controlled. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the WebGPU component in Mozilla Firefox browsers and the Thunderbird email client allows a hacker to induce a service failure.
The vulnerability of the WebGPU component in Mozilla Firefox browsers and the Thunderbird email client is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the Module._load() function in the built-in module of the vm2 package manager NPM allows a hacker to execute arbitrary code.
The vulnerability of the Module.load function in the vm2 library’s npm package manager is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the NPM packet manager’s vm2 library, related to an error in handling exception states, allows a attacker to trigger a service failure.
The vulnerability of the NPM packet manager’s vm2 library is related to an error in handling exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the Bufferalloc() function in the vm2 package manager’s library allows a attacker to cause a service failure.
The vulnerability of the Bufferalloc function in the vm2 package manager’s library is related to the unlimited distribution of resources when processing the timeout parameter. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Snowflake Node and MySQL Node components of the N8n automation platform allows unauthorized access for reading, modifying, and deleting protected information.
The vulnerability of the Snowflake Node and MySQL Node components of the N8n automation platform for workflow processes is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to gain unauthorized access to read, modify, and...
The vulnerability of the MCP Client Registration mechanism of the N8n platform, which is used for automating work processes, allows a perpetrator to trigger a service failure.
The vulnerability of the MCP Client Registration mechanism of the N8n automation platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Oracle Database Node component of the N8n automation platform allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Oracle Database Node component of the N8n automation platform relates to the lack of measures taken to protect the SQL query structure during the processing of the LIMIT field. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code a...
The vulnerability of the Java-based web application framework Apache Wicket relates to incorrect path name restrictions for restricted directories. This allows attackers to read arbitrary files.
The vulnerability of the Java-based web application framework Apache Wicket relates to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...
The vulnerability of the WebRTC component in Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of the WebRTC component in Google Chrome relates to the ability to utilize memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code within the browser’s sandbox, using a specially created HTML page...
The vulnerability of the NPM package manager vm2 library allows a hacker to execute arbitrary commands.
The vulnerability of the NPM packet manager’s library vm2 is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the N8n automation platform, related to deficiencies in the authentication process, allows a malicious actor to reuse the external API key and gain unauthorized access to protected information.
The vulnerability of the N8n automation platform lies in the deficiencies of the authentication process when processing the dynamic-node-parameters endpoint. Exploiting this vulnerability allows an attacker to re-use the external API key and gain unauthorized access to protected information...
The vulnerability of the Hosted Chat node’s Chat Trigger function on the N8n platform, which allows a perpetrator to gain unauthorized access to and modify protected information.
The vulnerability of the Hosted Chat node’s Chat Trigger function in the N8n platform, which is used for automating processes, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to and...
The vulnerability of the Runtime component of Google Chrome allows a perpetrator to execute arbitrary code.
The vulnerability of the Google Chrome browser’s Runtime component is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the get_dumpable() function in the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the getdumpable function in the Linux operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability in the Google Chrome web browser for iOS operating systems allows a hacker to increase their privileges.
The vulnerability in the Google Chrome web browser for iOS operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through a specially created HTML page...
The vulnerability of the ngx_quic_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to cause a service failure.
The vulnerability of the ngxquicmodule module in NGINX Plus and NGINX Open Source web servers relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the ngx_http_ssl_module module in NGINX Plus and NGINX Open Source web servers allows attackers to compromise the confidentiality and accessibility of protected information.
The vulnerability of the ngxhttpsslmodule module in NGINX Plus and NGINX Open Source web servers is related to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of protected information...
The vulnerability of the NSS component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to gain unauthorized access to protected information.
The vulnerability of the NSS component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected informatio...
The vulnerability of the node-tar library on the Node.js software platform allows attackers to gain unauthorized access to protected information.
The vulnerability of the node-tar library in the Node.js software platform is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Microsoft SharePoint Server software, related to deserialization mechanism flaws, allows attackers to execute arbitrary code.
The vulnerability of the Microsoft SharePoint Server software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of Windows operating systems, related to access control errors, allows attackers to escalate their privileges.
Vulnerabilities of Windows operating systems are related to access control errors. Exploiting these vulnerabilities can allow attackers to increase their privileges...
The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a perpetrator to execute arbitrary code.
The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...