1088 matches found
CVE-2024-39715
CVE-2024-39715 describes a code injection vulnerability in Veeam Service Provider Console (VSPC) where a low-privileged user with REST API access can remotely upload arbitrary files to the VSPC server, leading to remote code execution. The description is consistent across multiple sources (NVD, R...
Veeam Service Provider Console Security Vulnerability
Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. Veeam Service Provider Console version 8.0.0.19552 and earlier version 8 releases contain a code injection vulnerability that allows a low privileged user with REST AP...
The vulnerability in the Cisco Smart License Utility management software stems from undocumented static user credentials. This allows a malicious individual to gain unauthorized access to confidential information and to access the API without proper authorization.
The vulnerability in the Cisco Smart License Utility software management system is related to undocumented static account data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential information and unauthorized access to the API...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
CVE-2024-34650
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through an HTTP request which coul...
Symphony XTS Web Trader Security Vulnerability
Symphony XTS Web Trader is an advanced HTML5-based trading platform from Symphony. A security vulnerability exists in Symphony XTS Web Trader version 2.0.0.1P160, which stems from improper access control to the API. A remote attacker could exploit the vulnerability to manipulate parameters via HT...
IBM OpenPages with Watson Authentication Bypass Vulnerability
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform uses AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring,...
PT-2024-26338 · Ibm · Ibm Openpages With Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0. Description: The issue allows authenticated users to access sensitive information due to improper authorization controls on APIs. Recommendations: For versions 8.3 and 9.0, consider restricti...
PT-2024-28398 · Gl.Inet · X750 +19
Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11; GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16; GL-iNet products XE300 version 4.3.16; GL-iNet products E750 version 4.3....
GHSA-QGJ8-G9Q4-7F2P gotortc vulnerable to Cross-Site Request Forgery
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
gotortc vulnerable to Cross-Site Request Forgery
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
PT-2024-7660 · Tenda · Tenda Fh1206
Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 02.03.01.35. Description: The issue is caused by a stack overflow in the fromNatlimit function via the page parameter. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to the affected API...
CVE-2022-4001
An authentication bypass vulnerability could allow an attacker to access API functions without authentication...
CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins
Summary: A significant vulnerability, CVE-2024-41110, was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in a regression. The vulnerability was assigned a CVSS score of 10 (critical)...
CVE-2024-5703
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated...
CVE-2024-5703 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated...
CVE-2024-5703
CVE-2024-5703 affects the WordPress plugin Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce (versions up to 5.7.26). The issue is a missing capability check that permits unauthorized API access to the plugin’s API (if enabled) by ...