Lucene search

1088 matches found

OSV
added 2024/03/06 10:53 a.m. | 21 views

BIT-GRAFANA-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

CVSS 6.4 | AI score 5.3 | EPSS 0.01027
Exploits: 1 | References: 4

Wordfence Blog
added 2024/02/29 2:2 p.m. | 23 views

Spring into Action! Earn up to $10,000 with our Extended Bug Bounty Program Extravaganza through Memorial Day!

Spring into action and kick-start your spring cleaning with a tech twist! We're excited to announce the extension of our Bug Bounty Extravaganza through Memorial Day, May 27th, 2024. Now, you have a golden opportunity to earn up to $10,000 for reporting vulnerabilities in WordPress software over t...

AI score 7.6
Exploits: 0

Positive Technologies
added 2024/02/28 12:0 a.m. | 7 views

PT-2024-15746 · WordPress · Page Restrict

Name of the Vulnerable Software and Affected Versions: Page Restrict plugin for WordPress versions up to, and including, 2.5.5 Description: The issue is related to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private...

CVSS 5.3 | AI score 6 | EPSS 0.00496
Exploits: 0 | References: 5

Positive Technologies
added 2024/02/26 12:0 a.m. | 5 views

PT-2024-21634 · Esphome · Esphome

Name of the Vulnerable Software and Affected Versions: ESPHome versions 2023.12.9 through 2024.2.0 Description: A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome allows authenticated remote attackers to read and write arbitrary files under the...

CVSS 8.8 | AI score 7.7 | EPSS 0.01535
Exploits: 1 | References: 11

Vulnrichment
added 2024/02/05 9:21 p.m. | 2 views

CVE-2024-1210 LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...

CVSS 5.3 | AI score 6.4 | EPSS 0.05285
Exploits: 3 | References: 3

CNVD
added 2024/02/05 12:0 a.m. | 12 views

IBM Tivoli Application Dependency Discovery Manager Elevation of Privilege Vulnerability

IBM Tivoli Application Dependency Discovery Manager (TADDM) is a product in the suite of IT service management solutions from International Business Machines (IBM). The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

CVSS 8.8 | AI score 7.1 | EPSS 0.00305
Exploits: 0 | References: 1

OSV
added 2024/02/02 2:15 p.m. | 2 views

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 8.8 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 2

NVD
added 2024/02/02 2:15 p.m. | 24 views

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 8.8 | AI score 7.9 | EPSS 0.00305
Exploits: 0 | References: 2

Prion
added 2024/02/02 2:15 p.m. | 20 views

Design/Logic Flaw

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 5.8 | AI score 6.7 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/02/02 1:22 p.m. | 13 views

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 7.5 | AI score 6.4 | EPSS 0.00305
Exploits: 0 | References: 2

CVE
added 2024/02/02 1:22 p.m. | 79 views

CVE-2023-47142

CVE-2023-47142 affects IBM Tivoli Application Dependency Discovery Manager (TADDM) versions 7.3.0.0 through 7.3.0.10. The root cause is unauthorized API access, allowing an attacker on the local network to escalate privileges. Remediation per IBM is to upgrade to FixPack 7.3.0.11 (7.3-TIV-ITADDM-...

CVSS 8.8 | AI score 7.5 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/02/02 1:22 p.m. | 33 views

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 7.5 | AI score 8.3 | EPSS 0.00305
Exploits: 0 | References: 2

CNNVD
added 2024/02/02 12:0 a.m. | 3 views

IBM Tivoli Application Dependency Discovery Manager Permissions and Access Control Issues Vulnerability

IBM Tivoli Application Dependency Discovery Manager (TADDM) is a product in the suite of IT service management solutions from International Business Machines (IBM). The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

CVSS 8.8 | AI score 7 | EPSS 0.00305
Exploits: 0 | References: 3

Positive Technologies
added 2024/02/02 12:0 a.m. | 4 views

PT-2024-15913 · WordPress · Anonymous Restricted Content

Name of the Vulnerable Software and Affected Versions: Anonymous Restricted Content plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is due to insufficient restrictions through the REST API on protected posts and pages, allowing unauthenticated attackers to access...

CVSS 7.5 | AI score 7.8 | EPSS 0.00608
Exploits: 0 | References: 9

IBM Security Bulletins
added 2024/01/22 7:2 p.m. | 40 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to multiple vulnerabilities. Vulnerability Details CVEID:CVE-2023-47143 DESCRIPTION: IBM Tivoli Application Dependency Discovery Manager is vulnerable to HTTP header injection, caused by improper...

CVSS 10 | AI score 7.2 | EPSS 0.00785
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2024/01/17 1:54 p.m. | 3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 5.9 | AI score 7.2 | EPSS 0.00792
Exploits: 0 | References: 5

NCSC
added 2023/12/22 12:0 a.m. | 5 views

Vulnerability fixed in IBM Informix

IBM has fixed a vulnerability in the JDBC driver of Informix. A malicious person with rights to use the API could exploit the vulnerability to execute arbitrary code with the permissions of the application using the JDBC driver. Because it cannot be estimated with what permissions...

CVSS 9.8 | AI score 7.8 | EPSS 0.00863
Exploits: 0

OSV
added 2023/12/05 3:15 a.m. | 4 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS 7.5 | AI score 5.8 | EPSS 0.01173
Exploits: 0 | References: 1

CVE
added 2023/11/30 12:0 a.m. | 37 views

CVE-2023-46326

CVE-2023-46326 affects ZStack Cloud

CVSS 8.8 | AI score 8.7 | EPSS 0.00726
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2023/11/22 12:0 a.m. | 6 views

PT-2023-32525 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server, which allows attackers to execute...

CVSS 7.5 | AI score 7.5 | EPSS 0.00713
Exploits: 0 | References: 4