n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
n8n: SQL Injection in Postgres v1/TimescaleDB Nodes
n8n: Git Node Clone and Push Operations Bypass File Sandbox
n8n: Python sandbox escape
vLLM: OpenAI auth bypass
Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read
Langflow: Unauthenticated RCE in Shareable Playgrounds
Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
Langflow: IDOR/BOLA in Monitor API - Missing Ownership Enforcement on 7 Endpoints
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification path. Attackers in possession of a previously issued be...
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python as...
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of...
An api-gateway container running with root privileges would allow an attacker to escape the container and access the host system to perform unintended actions.