Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and stil ...
Continue ReadingApril 11, 2024
Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and stil ...
Continue ReadingApril 11, 2024
Impact When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user ...
Continue ReadingApril 11, 2024
Impact When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user ...
Continue ReadingApril 11, 2024
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versi ...
Continue ReadingApril 11, 2024
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versi ...
Continue ReadingApril 11, 2024
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by ...
Continue ReadingApril 11, 2024
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by ...
Continue ReadingApril 11, 2024
Back to Main