Remote Code Execution Vulnerability in pgAdmin (CVE-2025-2945) | Bug Bounty | 2025. 4. 4. 18:19
Introduction. This post provides a technical explanation of a Remote Code Execution (RCE) vulnerability discovered in pgAdmin (≤9.1), a widely used administration tool for PostgreSQL databases. To exploit this vulnerability, an authenticated user must be able to send a POST request to the pgAdmin server. The vulnerability exists in two separate features — /sqleditor/query_tool/download and /cloud/d..
Flowise RCE via File Upload | Bug Bounty | 2025. 3. 15. 01:08
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-8vvx-qvq9-5948 (github.com): Arbitrary file write to RCE. Summary: An attacker could write files with arbitrary content to the filesystem via the `/api/v1/document-store/loader/process` API. An attacker can reach RCE (Remote Code Execution) via file w...
https://flowiseai.com/ Flowise - Low code LLM Apps Builder: Open source low-code tool fo..
CVE-2024-7773/CVE-2024-45436 in Ollama RCE | Bug Bounty | 2024. 10. 8. 00:13
Remote Code Execution via Zipslip. https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb (huntr - The world's first bug bounty platform for AI/ML, huntr.com). Chain: zipslip -> create /etc/ld.so.preload (with /etc/vuln.so as its content) AND /etc/vuln.so -> a new process is spawned -> sprintf() is hooked -> RCE. Oddly, things got tangled and two CVEs were issued for the same vulnerability..
#!/usr/bin/env python3 ## Copyright (c) 2009, Neohapsis, Inc. # All righ..
CVE-2023-50718 in nocoDB SQL injection | Bug Bounty | 2024. 5. 14. 01:33
https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8 (github.com): Improper Neutralization of Special Elements used in an SQL Command. Summary: An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. Details: SQL Injection vulnerability occu...
https://github.com/nocodb/nocodb GitHub - nocodb/nocodb..
CVE-2023-50717 in nocoDB XSS | Bug Bounty | 2024. 5. 14. 01:31
https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh (github.com): Allow Preview of File with Dangerous Content. Summary: An attacker can upload an HTML file with malicious content. If a user tries to open that file in the browser, the malicious scripts can be executed, leading to a Stored XSS (Cross-Site Scripting) attack....
https://github.com/nocodb/nocodb GitHub - nocodb/nocodb: 🔥 🔥 🔥 Open So..