Description Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the
Description CPython 3.9 and earlier doesn’t disallow configuring an empty list (“[]”) for SSLContext.set_npn_protocols() which is an invalid value for
Description Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability
Description The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a “RetrievalMethod is
![CVE-2024-34580 : APACHE XML SECURITY FOR C++ UP TO 2.0.4 XML SIGNATURE SERVER-SIDE REQUEST FORGERY ⚔ [Disputed]](https://prophaze.b-cdn.net/wp-content/uploads/2024/06/CVE-2024-34580.jpg)
Description Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against
Description A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application’s handling of the
Description Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers
Description H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log
Description An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution
Description Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific
Description IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script.
Description CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension`
Description Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile
Description Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code
Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune()
Description Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is
Description vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access
In today’s connected world, the healthcare industry increasingly relies on data integration platforms such as NextGen Healthcare Mirth Connect. These
Description DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3
Description Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference
Description Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands
Description parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function
Description Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series
Description Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)