213680 matches found
Design/Logic Flaw
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Unrestricted file upload
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in updatesetting.php...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: power: supply: Fix null pointer dereference in smb2probe devmkasprintf and devmkzalloc return a pointer to dynamically allocated memory which can be NULL upon failure...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpialloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...
Heap overflow
A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It i...
Cross site request forgery (csrf)
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
Cross site scripting
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Cross site scripting
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd "ext4: remove redundant mbregeneratebuddy" and reintroduces mbregeneratebuddy. Based on code in mbfreeblocks, fast commi...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement sendsrp, we may still attempt to call it. This can happen on an idle Ethernet gadget triggeri...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the allocworkqueue return value in radeoncrtcinit check the allocworkqueue return value in radeoncrtcinit to avoid null-ptr-deref...
Buffer overflow
Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in iceptp.c devmkasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...
Command injection
Splinefont in FontForge through 20230101 allows command injection via crafted filenames...
Server side request forgery (ssrf)
The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wcsfurlcheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...
Authentication flaw
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 "net: hso: fix null-ptr-deref during tty device unregistration" fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointe...
Design/Logic Flaw
Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2...
Heap overflow
A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Design/Logic Flaw
openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c...
Design/Logic Flaw
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the...
Open redirect
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Design/Logic Flaw
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
Authentication flaw
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage...
Design/Logic Flaw
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...
Design/Logic Flaw
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for oth...
Out-of-bounds
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be...
Heap overflow
A heap-based buffer overflow vulnerability exists in the GGUF library GGUFTYPEARRAY/GGUFTYPESTRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxartremove, so fix this by saving the base register of the device and using it instead of t...
Cross site scripting
User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...
Design/Logic Flaw
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
Command injection
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
Cross site scripting
A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Heap overflow
A heap-based buffer overflow vulnerability exists in the GGUF library gguffreadstr functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Design/Logic Flaw
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...
Heap overflow
A heap-based buffer overflow vulnerability exists in the GGUF library header.ntensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Cross site scripting
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Information disclosure
A user with a default role given to them by the admin can sent DELETE HTTP requests to remove-folder and remove-document to delete folders and source files from the instance even when their role should explicitly not allow this action on the system...
Design/Logic Flaw
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...
Design/Logic Flaw
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...
Design/Logic Flaw
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
Sql injection
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be...
Directory traversal
The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9...
Design/Logic Flaw
A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met...
Server side request forgery (ssrf)
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery SSRF via the event subscription function /service/subscription.go. This vulnerability allows attackers to access internal requests via a crafted POST request...