Description: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and

Description: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. Link: Visit the GitHub Repository Language: Python Owner: paultheal1en Stars: 0 Forks: 0

Description: In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. Link: Visit the GitHub Repository Language:

Description: Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15

Description: A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Link: Visit the GitHub Repository Language: Python Owner: VoyagerOnne Stars: 0 Forks: 0

Description: GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation

Description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. Link: Visit the GitHub Repository Language: Python Owner: Mattb709 Stars: 0 Forks: 0

Description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. Link: Visit the GitHub Repository Language: Python Owner: Mattb709 Stars: 0 Forks: 0

Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. Link: Visit the GitHub Repository Language: Python Owner: ivanbg2004 Stars: 0 Forks: 0