| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf. |
| A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of the entire sandbox service and causing irreversible damage. |
| In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/org` endpoint, which lists all users in a team. This allows any authenticated user to capture the recovery token of another user and subsequently change that user's password without consent, effectively taking over the account. The issue lies in the inclusion of the `recovery_token` attribute in the users object returned by the API. |
| Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles. |
| Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. |
| Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. |
| Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. |
| Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect Implementation of Authentication Algorithm vulnerability in the RestAPI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. |
| A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. |
| The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. This issue has been patched via commit 4e075d3. |
| An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. |
| Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption. |
| Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials. |
| Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows. |
| The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. |
| Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions. |
| Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207. |
| An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing. |
| An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation. |
