==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

Names bank info and more spills from top sperm bank

Jessica Lyons reports: One of the world’s largest sperm banks, California Cryobank, is in a sticky situation.… It’s had to tell folks their sensitive information, including names and bank account numbers, was likely stolen from it by digital intruders. The IT break-in occurred between April 20 and April 22, last year, according to a notification…

CVE-2025-0628 - BerriAI Litellm Privilege Escalation Vulnerability

CVE ID : CVE-2025-0628
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role ‘internal_user_viewer’ logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as ‘/users/list’ and ‘/users/get_users’. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-0655 - Man Group dtale Remote Code Execution RCE

CVE ID : CVE-2025-0655
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system commands, leading to remote code execution (RCE). This issue is addressed in version 3.16.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-1040 - AutoGPT SSTI RCE

CVE ID : CVE-2025-1040
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
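The bug class behind CVE-2025-1040 is a template or format string that the user controls being handed to an engine that can reach live Python objects. The example below is added here and is not AutoGPT's code: it reproduces the same pattern with Python's built-in str.format instead of Jinja2 (so it runs with the standard library only) and sets a hardened counterpart beside it, a formatter that resolves only allowlisted placeholder names and refuses attribute or index traversal. The placeholder names and the render_* helper names are assumptions for illustration.

```python
import string


class FormatInjection(ValueError):
    """Raised when a user-supplied template tries to do more than fill a known placeholder."""


def render_unsafe(user_template: str, **values) -> str:
    # Vulnerable pattern: the *template* comes from the user. Python resolves
    # attribute and index lookups inside replacement fields, so "{x.__class__}"
    # or "{x.__init__.__globals__}" walks from a harmless value into the
    # interpreter's internals. Same shape as handing the string to Jinja2.
    return user_template.format(**values)


class SafeFormatter(string.Formatter):
    """Fills only plain {name} placeholders from an explicit allowlist.

    Attribute access ({x.__class__}), indexing ({x[0]}), positional and
    auto-numbered fields never reach getattr/getitem: get_field is replaced
    with an exact-match lookup against the allowlist.
    """

    def __init__(self, allowed_fields):
        super().__init__()
        self.allowed = frozenset(allowed_fields)

    def get_field(self, field_name, args, kwargs):
        # field_name is the raw text between the braces, e.g. "x.__class__";
        # anything that is not exactly an allowed name is refused.
        if field_name not in self.allowed:
            raise FormatInjection(f"placeholder {field_name!r} is not permitted")
        return kwargs[field_name], field_name


def render_safe(user_template: str, allowed_fields, **values) -> str:
    # Hardened pattern: the template is still user-supplied, but it can only
    # reference the names we enumerate, and only as whole values.
    return SafeFormatter(allowed_fields).vformat(user_template, (), values)


def template_is_safe(user_template: str, allowed_fields) -> bool:
    """Static check usable when the template is saved, before any rendering."""
    allowed = frozenset(allowed_fields)
    try:
        for _literal, field_name, _spec, _conv in string.Formatter().parse(user_template):
            if field_name is not None and field_name not in allowed:
                return False
    except ValueError:  # unbalanced braces and similar parse errors
        return False
    return True
```

With Jinja2 the equivalent separation is to render user-provided templates only in jinja2.sandbox.SandboxedEnvironment and, better still, to treat user text as data substituted into a fixed template rather than as the template itself.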

CVE-2025-0452 - Eosphoros-ai DB-GPT Windows File Deletion Vulnerability

CVE ID : CVE-2025-0452
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the ‘/v1/agent/hub/update’ endpoint. The application fails to properly filter the ‘\’ character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the ‘plugin_repo_name’ variable.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
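The detail that matters in CVE-2025-0452 is that the missing filter is for the backslash: code developed and tested on Linux, where "\" is an ordinary filename character, can pass its own containment checks and still traverse on Windows. The example below is added here and is not DB-GPT's code. It shows that blind spot directly by evaluating the same name under both path flavours (posixpath and ntpath, so it runs on any host), and the hardened form, an allowlist that admits only a single safe path component before any join takes place. The base directories and the plugin name are constructed.

```python
import ntpath
import posixpath
import re

# Allowlist for a value that must be exactly one path component. Both
# separator families are excluded by construction, and a leading dot rules
# out "." and "..".
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def is_safe_repo_name(name: str) -> bool:
    """Accept only names that cannot change directories on any host OS."""
    return bool(_SAFE_NAME.fullmatch(name))


def escapes_base(base_dir: str, name: str, flavour=posixpath) -> bool:
    """Report whether joining `name` under `base_dir` lands outside `base_dir`
    when interpreted with the given flavour (posixpath or ntpath).

    This is the containment check on its own, without the allowlist, to show
    why a check that only looks right on a Linux dev box misses Windows.
    """
    base = flavour.normpath(base_dir)
    target = flavour.normpath(flavour.join(base, name))
    return flavour.commonpath([base, target]) != base


def resolve_plugin_dir(base_dir: str, name: str, flavour=posixpath) -> str:
    """Hardened: allowlist first, then containment in the target host's flavour."""
    if not is_safe_repo_name(name):
        raise ValueError(f"rejected plugin name {name!r}")
    if escapes_base(base_dir, name, flavour):
        raise ValueError(f"{name!r} resolves outside {base_dir!r}")
    return flavour.join(flavour.normpath(base_dir), name)
```

Run on Linux, the containment check alone accepts a name full of backslashes because posixpath never treats them as separators; the same name evaluated with ntpath walks straight out of the plugin directory. The allowlist rejects it on both.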

CVE-2025-0185 - Dify Tools Vanna Module Pandas Query Injection Vulnerability

CVE ID : CVE-2025-0185
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A vulnerability in the Dify Tools’ Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries using the Pandas library. This can potentially lead to Remote Code Execution (RCE) if exploited.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-9847 - FlatPress CMS CSRF Attack

CVE ID : CVE-2024-9847
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
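The advisory for CVE-2024-9847 spells out why CSRF works: the browser attaches the victim's session cookie to a request the attacker composed, so the cookie proves who the victim is, not who wrote the request. The example below is added here and is not FlatPress code (FlatPress is PHP; this is a standard-library Python model of the same handler). It shows a plugin enable/disable handler with the three defences a reviewer would look for: state changes only on POST (a crafted link, as the advisory describes, is a GET), an Origin / Sec-Fetch-Site check, and an HMAC synchronizer token bound to the session. The request dicts, the site origin and the plugin name are constructed.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated at startup for this example.
_SERVER_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://blog.example"  # assumed deployment origin


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token embedded in the admin form: HMAC over the session id,
    so a token is useless in any other session and cannot be forged without the key."""
    return hmac.new(_SERVER_KEY, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def toggle_plugin(request: dict, session_id: str):
    """Plugin enable/disable handler. `request` is a constructed dict with
    'method', 'headers' and 'form'; `session_id` comes from the cookie, which
    the browser sends on cross-site requests too, so it must not be the only check."""
    if request["method"] != "POST":
        return 405, "state changes require POST"

    headers = request.get("headers", {})
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request"
    if headers.get("Sec-Fetch-Site") == "cross-site":
        return 403, "cross-site request"

    form = request.get("form", {})
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison on bytes; a missing token compares unequal.
    if not hmac.compare_digest(submitted.encode("utf-8"), expected.encode("ascii")):
        return 403, "missing or invalid CSRF token"

    plugin, op = form.get("plugin", ""), form.get("op", "")
    if not plugin or op not in ("enable", "disable"):
        return 400, "bad plugin or operation"
    return 200, f"{plugin} {op}d"
```

Setting the session cookie with SameSite=Lax or Strict is the complementary browser-side control; the token check above is what protects users of browsers and embeddings that do not honour it.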

CVE-2024-9880 - Apache Pandas Command Injection Vulnerability

CVE ID : CVE-2024-9880
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the `query` function when using the ‘python’ engine, leading to potential remote command execution.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
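Three entries on this page share one sink: dtale's /test-filter once enable_custom_filters is on (CVE-2025-0655), Vanna's get_training_plan_generic in Dify (CVE-2025-0185) and pandas.DataFrame.query itself with the python engine (CVE-2024-9880) all hand a caller-supplied expression string to pandas' evaluator, which can resolve names, attributes and calls. The example below is added here and is none of those projects' code. It is a validator that admits only the filter shape an application actually needs, comparisons between allowlisted column names and literals joined by and/or/not, and rejects everything else before the string reaches DataFrame.query. It uses only the standard-library ast module, so it runs without pandas; the column allowlist is constructed.

```python
import ast

# Constructed allowlist: the columns the application is willing to filter on.
ALLOWED_COLUMNS = frozenset({"age", "city", "score"})
_ALLOWED_OPS = (ast.Gt, ast.GtE, ast.Lt, ast.LtE, ast.Eq, ast.NotEq)
_MAX_LEN = 512


class UnsafeFilter(ValueError):
    """The expression is something other than a plain column/literal filter."""


def _check_leaf(node: ast.AST) -> None:
    # A leaf is a known column name, a str/number literal, or a negated number.
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED_COLUMNS:
            raise UnsafeFilter(f"unknown column {node.id!r}")
        return
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return
    if (isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub)
            and isinstance(node.operand, ast.Constant)
            and isinstance(node.operand.value, (int, float))):
        return
    raise UnsafeFilter(f"disallowed operand {type(node).__name__}")


def _check(node: ast.AST) -> None:
    if isinstance(node, ast.BoolOp):  # and / or
        for value in node.values:
            _check(value)
    elif isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        _check(node.operand)
    elif isinstance(node, ast.Compare):
        if len(node.ops) != 1 or not isinstance(node.ops[0], _ALLOWED_OPS):
            raise UnsafeFilter("only a single simple comparison per clause is allowed")
        _check_leaf(node.left)
        _check_leaf(node.comparators[0])
    else:
        # Attribute, Call, Subscript, Lambda, IfExp, f-strings: all end here.
        raise UnsafeFilter(f"disallowed syntax {type(node).__name__}")


def validate_filter(expr: str) -> str:
    """Return expr unchanged if it is a pure column/literal filter, else raise.

    Python's own parser is the gate. pandas-specific syntax such as `@name`
    (caller-scope lookup) or backtick-quoted columns is not valid Python and is
    therefore rejected, which is the right default for untrusted input.
    """
    if len(expr) > _MAX_LEN:
        raise UnsafeFilter("filter too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise UnsafeFilter(f"not a parseable filter: {exc.msg}") from None
    _check(tree.body)
    return expr


def is_safe_filter(expr: str) -> bool:
    try:
        validate_filter(expr)
        return True
    except UnsafeFilter:
        return False


# Intended use at the call site (pandas deliberately not imported here):
#     df.query(validate_filter(user_expr))
```

The point is that the validator, not the engine choice or a feature flag such as dtale's enable_custom_filters, is the trust boundary: once an expression is accepted, the evaluator will do whatever that expression says.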

CVE-2024-9919 - Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

CVE ID : CVE-2024-9919
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
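CVE-2025-0628 and CVE-2024-9919 are the two halves of the same design mistake: in LiteLLM a low-privilege login is handed a key that is not scoped to its role, and in lollms-webui an endpoint simply never calls the access check. Both go away when keys are bound server-side to a role and the check runs in one place that every request must pass through. The example below is added here and is neither project's code. The endpoint names '/users/list', '/users/get_users' and '/uninstall' are taken from the two advisories; the roles, '/models', '/health', the key format and the function names are constructed for illustration.

```python
import secrets

# Role -> endpoints that role may call. Deny by default: an endpoint that is
# not listed for a role is forbidden to it.
ROLE_ENDPOINTS = {
    "proxy_admin": frozenset({"/users/list", "/users/get_users", "/uninstall", "/models"}),
    "internal_user_viewer": frozenset({"/models"}),
}
PUBLIC_ENDPOINTS = frozenset({"/health"})

_key_table = {}  # api_key -> (user, role); server-side, never derived from the key text


def login_vulnerable(user: str, role: str, master_key: str) -> str:
    # Bug pattern from CVE-2025-0628: the UI login returns one shared, fully
    # privileged key no matter which role the user actually holds.
    return master_key


def login(user: str, role: str) -> str:
    """Mint an opaque key bound to exactly this user's role."""
    if role not in ROLE_ENDPOINTS:
        raise ValueError(f"unknown role {role!r}")
    key = "sk-" + secrets.token_urlsafe(24)
    _key_table[key] = (user, role)
    return key


def dispatch(endpoint: str, api_key=None) -> int:
    """Single choke point in front of every handler, so a handler cannot forget
    the check (the CVE-2024-9919 failure mode). Returns an HTTP-style status."""
    if endpoint in PUBLIC_ENDPOINTS:
        return 200
    if api_key is None or api_key not in _key_table:
        return 401  # no credential, or one we never issued
    _user, role = _key_table[api_key]
    if endpoint not in ROLE_ENDPOINTS[role]:
        return 403  # authenticated, but this role was never granted the endpoint
    return 200


def audit_routes(registered_routes) -> list:
    """Startup check: report any non-public route that no role mapping covers.
    Such a route is unreachable under the policy, which usually means the
    mapping was forgotten rather than that the route is meant to be dead."""
    covered = PUBLIC_ENDPOINTS.union(*ROLE_ENDPOINTS.values())
    return sorted(r for r in registered_routes if r not in covered)
```

In a real proxy the dispatcher would be the framework's middleware or dependency layer rather than a function, but the property to preserve is the same: authorization decisions are made from the server-side record of the key, not from anything the client presents, and no route is reachable without that decision.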

CVE-2024-9439 - SuperAGI Remote Code Execution Vulnerability

CVE ID : CVE-2024-9439
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
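The advisory for CVE-2024-9439 describes the plainest form of this bug: request parameters fed to eval(). The example below is added here and is not SuperAGI's code. It sets the vulnerable pattern beside a hardened parser that uses ast.literal_eval, which only constructs constants (strings, numbers, lists, dicts and the like) and cannot call functions or import modules, and then checks the result against the expected shape, because a value being a literal does not make it the right value. The parameter schema, the size cap and the request dicts are constructed.

```python
import ast

# Constructed schema of the parameters a template-update request may carry.
EXPECTED_TYPES = {"name": str, "max_iterations": int, "tools": list, "config": dict}
_MAX_PARAM_LEN = 4096


def parse_params_vulnerable(raw_params: dict) -> dict:
    # Bug pattern: each attacker-controlled string is handed to eval(), which
    # runs any Python expression, not just the literal the author expected.
    return {k: eval(v) for k, v in raw_params.items()}


def parse_params(raw_params: dict) -> dict:
    """Hardened: literal_eval plus a shape check.

    literal_eval never calls or imports anything, but it can still be pushed
    into deep recursion or large allocations, hence the length cap and the
    broad except; and "a literal" is not "the right literal", hence the type check.
    """
    parsed = {}
    for key, value in raw_params.items():
        if key not in EXPECTED_TYPES:
            raise ValueError(f"unexpected parameter {key!r}")
        if not isinstance(value, str) or len(value) > _MAX_PARAM_LEN:
            raise ValueError(f"parameter {key!r} is missing or too large")
        try:
            parsed[key] = ast.literal_eval(value)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
            raise ValueError(f"parameter {key!r} is not a literal") from None
        if not isinstance(parsed[key], EXPECTED_TYPES[key]):
            raise ValueError(f"parameter {key!r} has the wrong type")
    return parsed


def params_are_valid(raw_params: dict) -> bool:
    try:
        parse_params(raw_params)
        return True
    except ValueError:
        return False
```

Where the client can send structured data at all, accepting JSON and validating it against a schema is simpler still; literal_eval is the repair for an API that already speaks Python literals.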
