Software: NPM - Ip Package Vulnerability: Missing IP Address Control CVE: CVE-2023-42282 Discoverer: Fatih Çelik & Emre Durmaz Description of the product: IP address utilities for node....
Deserialization of Untrusted Data in pytorch-lightning
Software: [https://github.com/pytorchlightning/pytorch-lightning) Vulnerability: Insecure Yaml Deserialization CVE: CVE-2021-4118 Description of the product: Lightning disentangles PyTorch c...
NULL Pointer Dereference | Deark
Software: https://github.com/jsummers/deark/ Version: 1.5.7-1 Vulnerability: NULL Pointer Dereference CVE: CVE-2021-28855 Description of the product: A utility for file format and metadata ...
Division By Zero | Deark
Version: 1.5.7-1 Bug: Division by Zero CVE: CVE-2021-28856 Description of the product: A utility for file format and metadata analysis, data extraction, decompression, and image format decod...
Group Office CRM | Stored XSS via SVG File
Software: https://sourceforge.net/projects/group-office/ Version: 6.4.196 Vulnerability: Cross Site Scripting CVE: CVE-2020-35418 && CVE-2020-35419 Description of the product: Group...
Group Office CRM | SSRF
Software: https://sourceforge.net/projects/group-office/ Version: 6.4.196 Vulnerability: SSRF CVE: CVE-2021-28060 Description of the product: Group Office is an open source groupware applic...
Sentrifugo 3.2 | SQLi [employeeNumId] parameter | CVE-2020-26805
Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26805 Sentrifugo is a FREE and powerful Human Resource Management Sy...
Sentrifugo 3.2 | RCE [Authenticated] (assets) | CVE-2020-26803
Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26803 Exploit-DB: https://www.exploit-db.com/exploits/48997 Sentrif...
Sentrifugo 3.2 | RCE [Authenticated] (announcements) | CVE-2020-26804
Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26804 Exploit-DB: https://www.exploit-db.com/exploits/48998 Sentrif...
CMSUno 1.6.2 | RCE [Authenticated] (password.php) | CVE-2020-25557
Vendor: https://github.com/boiteasite/cmsuno/ Version: 1.6.2Vulnerability: Code Injection CVE: CVE-2020-25557 Exploit-DB: https://www.exploit-db.com/exploits/49031 Analysis If you read my othe...