CVE-2024-41818 : NATURALINTELLIGENCE FAST-XML-PARSER UP TO 4.4.0 CURRENCY.JS RESOURCE CONSUMPTION
Description fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in
Description Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check
Description tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the “Set
Description Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by
Description In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following
Description A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects
Description A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig
Description ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated
Description streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430
Description Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with
Description Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s
Description An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects
Description Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo
Description Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in
Description A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions <
Description D-Link – CWE-288: Authentication Bypass Using an Alternate Path or Channel. References https://www.gov.il/en/Departments/faq/cve_advisories For More Information CVERecord
Description Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained
Description 1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some
Description A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated,
Description The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an
Description Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive
Description In streampark, the project module integrates Maven’s compilation capabilities. The input parameter validation is not strict, allowing attackers to
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto
Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values