1996 matches found

OSV
added 2024/08/13 8:15 p.m. · 2 views

CVE-2024-7740

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...

CVSS 9.8 · AI score 5.5 · EPSS 0.0078
Exploits: 1 · References: 4

NVD
added 2024/08/13 8:15 p.m. · 29 views

CVE-2024-7740

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...

CVSS 9.8 · EPSS 0.0078
Exploits: 1 · References: 4

Cvelist
added 2024/08/13 8:0 p.m. · 36 views

CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal

A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...

CVSS 6.9 · EPSS 0.00945
Exploits: 1 · References: 4

Vulnrichment
added 2024/08/13 8:0 p.m. · 16 views

CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal

A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...

CVSS 6.9 · AI score 6.8 · EPSS 0.00945
Exploits: 1 · References: 4

CVE
added 2024/08/13 8:0 p.m. · 71 views

CVE-2024-7741

CVE-2024-7741 affects wanglongcn ltcms 1.0.20. The issue is in the API Endpoint function downloadFile (/api/file/downloadfile) where manipulation of the file parameter enables path traversal. The attack could be launched remotely and the exploit has been disclosed publicly. No public details in t...

CVSS 6.9 · AI score 5.3 · EPSS 0.00945
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2024/08/13 8:0 p.m. · 20 views

CVE-2024-7740 wanglongcn ltcms API Endpoint download server-side request forgery

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...

CVSS 7.5 · AI score 6.7 · EPSS 0.0078
Exploits: 1 · References: 4

Cvelist
added 2024/08/13 8:0 p.m. · 34 views

CVE-2024-7740 wanglongcn ltcms API Endpoint download server-side request forgery

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...

CVSS 7.5 · EPSS 0.0078
Exploits: 1 · References: 4

CVE
added 2024/08/13 8:0 p.m. · 77 views

CVE-2024-7740

CVE-2024-7740 — Wanglong LTcms 1.0.20: A server-side request forgery (SSRF) vulnerability exists in the API Endpoint download function (/api/test/download) triggered by manipulating the url parameter. The issue is exploitable remotely, with public disclosures noted. Affected software: Wanglong L...

CVSS 9.8 · AI score 7.2 · EPSS 0.0078
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-6173 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud (affected versions not specified). Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...

CVSS 9.4 · AI score 7.2 · EPSS 0.00475
Exploits: 0 · References: 10

Positive Technologies
added 2024/08/13 12:0 a.m. · 5 views

PT-2024-8613 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.19. Description: A critical issue has been found in the formWriteFacMac function of the /goform/WriteFacMac API endpoint. The manipulation of the mac parameter leads to command injection. This issue can be exploited...

CVSS 9.8 · AI score 7 · EPSS 0.25505
Exploits: 1 · References: 14

Positive Technologies
added 2024/08/12 12:0 a.m. · 4 views

PT-2024-5562

SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40. The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...

CVSS 10 · AI score 6.6 · EPSS 0.75615
Exploits: 0 · References: 49

Github Security Blog
added 2024/08/05 9:29 p.m. · 26 views

Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...

CVSS 6.1 · AI score 5.8 · EPSS 0.00459
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2024/08/05 9:29 p.m. · 27 views

Flowise Cross-site Scripting in /api/v1/credentials/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

CVSS 6.1 · AI score 5.9 · EPSS 0.00405
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2024/08/05 9:29 p.m. · 30 views

Flowise Cross-site Scripting in /api/v1/public-chatflows/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...

CVSS 6.1 · AI score 5.9 · EPSS 0.00405
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2024/08/02 11:16 a.m. · 23 views

CVE-2024-38878

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions. Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path...

CVSS 7.2 · EPSS 0.11452
Exploits: 3 · References: 2

Cvelist
added 2024/08/02 10:36 a.m. · 22 views

CVE-2024-38878

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions. Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path...

CVSS 7.2 · EPSS 0.11452
Exploits: 3 · References: 1

OpenVAS
added 2024/08/01 12:0 a.m. · 16 views

Ubuntu: Security Advisory (USN-6935-1)

The remote host is missing an update for the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00568
Exploits: 0 · References: 2

Ubuntu
added 2024/07/31 3:7 p.m. · 21 views

USN-6935-1: Prometheus Alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

CVSS 7.5 · AI score 7.3 · EPSS 0.00568
Exploits: 0

Tenable Nessus
added 2024/07/31 12:0 a.m. · 77 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-041)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-041 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...

CVSS 9.9 · AI score 7.6 · EPSS 0.16496
Exploits: 0 · References: 12

Cvelist
added 2024/07/30 4:13 p.m. · 23 views

CVE-2024-7297 Langflow Privilege Escalation

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

CVSS 8.8 · EPSS 0.21346
Exploits: 1 · References: 1