
CVE-2024-42362 : APACHE HERTZBEAT UP TO 1.5.X /API/MONITORS/IMPORT DESERIALIZATION
Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto
Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values
Description In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock
Description NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString.
Description Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that
Description The allows any authenticated user to join a private group due to a missing authorization check on a function.
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more
Description In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ——————————————————- uio_unregister_device
Description A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The
When it comes to maintaining your online presence and increasing website performance, you need a robust WAF (Web Application Firewall)
Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,
Description Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. References https://huntr.dev/bounties/ac10e81c-998e-4425-9d74-b985d9b0254c https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/d9f55a44e579d312977b02317b2020de758b763a For More Information MITRE
Description Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. References https://huntr.dev/bounties/397ea68d-1e28-44ff-b830-c8883d067d96 https://github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7 For More Information MITRE
Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system
Description XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it’s possible to inject arbitrary wiki
Description Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. References https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc For More Information MITRE
Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to
Description Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper
Description A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could