| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Bullfrog is a GitHub Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using TCP breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue. |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service. |
| qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0. |
| In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. |
| Secure Boot Security Feature Bypass Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Access Denial of Service Vulnerability |
| Windows OLE Remote Code Execution Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Teams Information Disclosure Vulnerability |
| Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| Visual Studio Code Spoofing Vulnerability |
| Microsoft Word Security Feature Bypass Vulnerability |
| Windows MSHTML Platform Security Feature Bypass Vulnerability |
| Microsoft SharePoint Server Information Disclosure Vulnerability |