| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating include paths, an authenticated user can create a project whose compose file declares include: ['../../../../etc/passwd'], then read the include via the project file API. The result is arbitrary read of any file readable by the Arcane backend process, including /app/data/arcane.db (the SQLite database containing every user's password hash and API key), enabling escalation to admin and, via Arcane's Docker control plane, RCE on the host. This vulnerability is fixed in 1.19.4. |
| A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. |
| Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the stored conversation reference by sending a crafted inbound activity to the Teams webhook, causing subsequent bot replies to transmit token-bearing Authorization header requests to an attacker-controlled host. |
| A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. |
| A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. |
| IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. |
| A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. The handler passes the attacker-controlled Content-Length value directly to fread() as the read size into a fixed-size 0x60-byte stack buffer, overwriting the saved link register. The binary is compiled without stack canaries. |
| A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser. |
| Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content.
Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are passed without validation to paths.build_packages_package(), which constructs a filesystem path by joining the project build directory with the attacker-controlled key. The resulting path is then passed to fs::delete_directory (which calls remove_dir_all). No check is performed to ensure the path remains within the intended build/packages/ directory. Both absolute paths and relative traversal sequences (e.g. ../) are accepted as package keys, allowing deletion of arbitrary directories.
An attacker who can cause a victim to run gleam deps download on a project containing a malicious build/packages/packages.toml (e.g. by committing the normally-gitignored file to a repository) can cause arbitrary directories on the victim's system to be recursively deleted.
This issue affects Gleam from 0.18.0-rc1 until 1.17.0. |
| Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory.
The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or confinement to the intended project and documentation output directories. The documentation.pages[].path field can be used to write generated documentation files outside the intended build/dev/docs/<package>/ output directory. The documentation.pages[].source field can be used to read files outside the project directory and embed their contents into generated documentation output.
An attacker who can convince a victim to run gleam docs build on an untrusted project, or with untrusted gleam.toml content, can cause local files readable by the victim to be included in generated documentation artifacts, and can cause generated documentation files to be written outside the intended docs output directory.
This issue affects Gleam from 1.16.0 until 1.17.0. |
| NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queries/user/`. The application reflects user-supplied input from the id parameter into the HTML response without proper sanitization or output encoding. An attacker can craft a malicious URL containing JavaScript code. When a victim visits the crafted URL, the injected script executes in the victim's browser within the context of the vulnerable application. This could allow attackers to execute arbitrary JavaScript, potentially leading to session hijacking, phishing attacks, or manipulation of page content. Version 2.2.5 fixes the issue. |
| A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. |
| IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. |
| A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. |
| A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server. |
| A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data. |
| A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts. |
| A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks. |
