| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271058 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2024-04-16 | CVE-2024-2083 | cve | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipula... |
| N/A | 2024-04-16 | CVE-2024-2260 | cve | A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an att... |
| N/A | 2024-04-16 | CVE-2024-2912 | cve | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this v... |
| N/A | 2024-04-16 | CVE-2024-30567 | cve | An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. |
| N/A | 2024-04-16 | CVE-2024-3028 | cve | mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filena... |
| N/A | 2024-04-16 | CVE-2024-3029 | cve | In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This ... |
| N/A | 2024-04-16 | CVE-2024-3271 | cve | A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanis... |
| N/A | 2024-04-16 | CVE-2024-3571 | cve | langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore func... |
| N/A | 2024-04-16 | CVE-2024-3572 | cve | The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. Th... |
| N/A | 2024-04-16 | CVE-2024-3573 | cve | mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue ... |
| N/A | 2024-04-16 | CVE-2024-3574 | cve | In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cros... |
| N/A | 2024-04-16 | CVE-2024-3575 | cve | Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb |
| N/A | 2024-04-16 | CVE-2024-31634 | cve | Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRu... |
| N/A | 2024-04-16 | CVE-2024-31783 | cve | Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation. |
| N/A | 2024-04-16 | CVE-2024-31784 | cve | An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. |
| N/A | 2024-04-15 | CVE-2023-45503 | cve | SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensi... |
| N/A | 2024-04-15 | CVE-2024-23560 | cve | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. |
| N/A | 2024-04-15 | CVE-2024-30840 | cve | A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function. |
| N/A | 2024-04-15 | CVE-2024-31497 | cve | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 si... |
| N/A | 2024-04-15 | CVE-2024-31990 | cve | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit r... |
| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271058 |
