1998 matches found

Positive Technologies
added 2024/06/06 12:00 a.m. · 6 views

PT-2024-18651 · Zenml Io · Zenml

Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.55.3 Description: An improper authorization issue exists in the zenml-io/zenml repository, specifically within the API "PUT /api/v1/users/id" endpoint. This issue allows any authenticated user to modify the informatio...

CVSS 6.5 · AI score 6.5 · EPSS 0.00623
Exploits 1 · References 10

Positive Technologies
added 2024/06/02 12:00 a.m. · 2 views

PT-2024-19294

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.8.1 through 2.8.5, Harbor versions 2.9.0 through 2.9.3, Harbor versions 2.10.0 through 2.10.1 Description: A SQL Injection issue allows users with administrator, project admin, or project maintainer roles to execute any Postgres...

CVSS 5.5 · AI score 6.1 · EPSS 0.00417
Exploits 0 · References 10

NVD
added 2024/05/31 3:15 p.m. · 11 views

CVE-2024-36108

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR 201 which is pending merge. An attacker could use id paramet...

CVSS 9.8 · AI score 9.6 · EPSS 0.00632
Exploits 0 · References 2

Vulnrichment
added 2024/05/31 2:37 p.m. · 9 views

CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR 201 which is pending merge. An attacker could use id paramet...

CVSS 9.8 · AI score 7 · EPSS 0.00632
Exploits 0 · References 2

Cvelist
added 2024/05/31 2:37 p.m. · 22 views

CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR 201 which is pending merge. An attacker could use id paramet...

CVSS 9.8 · AI score 9.6 · EPSS 0.00632
Exploits 0 · References 2

BDU FSTEC
added 2024/05/31 12:00 a.m. · 4 views

The vulnerability of the Cisco Nexus Dashboard, a platform for analytics and automation of cloud computing data centers, stems from deficiencies in access control. This allows unauthorized individuals to gain unauthorized access to protected information.

The vulnerability of the Cisco Nexus Dashboard analytics and cloud-based data center automation platform is related to deficiencies in access control to the final API endpoint. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending...

CVSS 4.3 · AI score 5.5 · EPSS 0.00407
Exploits 0 · References 2

Positive Technologies
added 2024/05/28 12:00 a.m. · 5 views

PT-2024-26234 · F Logic · F-Logic Datacube3

Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: The issue concerns a file upload vulnerability via the /admin/transceiver schedule.php API endpoint. This allows for potential malicious file uploads. No information is provided about the estimated...

CVSS 9.8 · AI score 6.3 · EPSS 0.12752
Exploits 1 · References 4

Positive Technologies
added 2024/05/28 12:00 a.m. · 4 views

PT-2024-36060 · Unknown · Phpmybackuppro

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/scheduled.php" API endpoint, utilizing all parameters. This issue could enable an attacker to...

CVSS 7.1 · AI score 6.1 · EPSS 0.00277
Exploits 0 · References 4

NVD
added 2024/05/26 2:15 p.m. · 11 views

CVE-2024-34029

Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team...

CVSS 4.3 · AI score 4.5 · EPSS 0.00296
Exploits 0 · References 1

Cvelist
added 2024/05/26 1:27 p.m. · 22 views

CVE-2024-34029 AD/LDAP Group Members Leak

Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team...

CVSS 4.3 · AI score 4.5 · EPSS 0.00296
Exploits 0 · References 1

Packet Storm
added 2024/05/24 12:00 a.m. · 406 views

Debezium UI 2.5 Credential Disclosure

Exploit Title: Debezium UI - Credential Leakage Google Dork: N/A Date: 2024-03-11 Exploit Author: Ihsan Cetin, Hamza Kaya Toprak Vendor Homepage: https://debezium.io/ Software Link: N/A Version: 2.5 REQUIRED Tested on: N/A CVE : CVE-2024-28736 Proof of concept: Details Debezium-ui version 2.5 is...

AI score 7.4 · EPSS 0.02531
Exploits 2

Positive Technologies
added 2024/05/24 12:00 a.m. · 2 views

PT-2024-26473 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: A stack overflow issue was discovered via the http host parameter in the loginAuth function. Recommendations: For TOTOLINK LR350 version 9.3.5u.6369 B20220309, as a temporary workaroun...

CVSS 9.8 · AI score 6.5 · EPSS 0.06071
Exploits 0 · References 4

Positive Technologies
added 2024/05/22 12:00 a.m. · 2 views

PT-2024-26547 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/ca deal.php component. The API Endpoint "/admin/ca deal.php" is vulnerable, specifically with parameters mudi=del and empty dataType and...

CVSS 4.3 · AI score 6.5 · EPSS 0.00203
Exploits 1 · References 5

Positive Technologies
added 2024/05/22 12:00 a.m. · 3 views

PT-2024-26543 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms via the component "/admin/vpsApi deal.php?mudi=rev&nohrefStr=close". This issue allows for unauthorized requests to be made on behalf of the use...

CVSS 5.5 · AI score 6.4 · EPSS 0.00182
Exploits 1 · References 6

The Hacker News
added 2024/05/21 6:43 a.m. · 22 views

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service DoS, information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed...

CVSS 9.8 · AI score 9.9 · EPSS 0.28309
Exploits 3

Cvelist
added 2024/05/18 7:38 a.m. · 33 views

CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

CVSS 7.5 · AI score 7.5 · EPSS 0.0123
Exploits 0 · References 2

EUVD
added 2024/05/18 7:38 a.m. · 7 views

EUVD-2024-27715

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

CVSS 9.8 · AI score 6.3 · EPSS 0.02333
Exploits 1 · References 2

Positive Technologies
added 2024/05/16 12:00 a.m. · 2 views

PT-2024-26226 · Eramba · Eramba

Name of the Vulnerable Software and Affected Versions: Eramba Community versions prior to 3.22.0 Description: A bug was found in the /attachments/attachments/download/ API endpoint, allowing arbitrary file download due to a lack of user permission checks. This issue is related to an Insecure Dire...

AI score 7.2
Exploits 0 · References 1

Positive Technologies
added 2024/05/14 12:00 a.m. · 3 views

PT-2024-25521 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered in linqi, where there is a potential XSS vulnerability in the "/api/DocumentTemplate/GUID" API endpoint. Recommendations: For versions prior to 1.4.0.1, update to version...

CVSS 5.5 · AI score 5.7 · EPSS 0.0041
Exploits 0 · References 4

Positive Technologies
added 2024/05/14 12:00 a.m. · 4 views

PT-2024-25518 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered in linqi, allowing local file inclusion via the /api/Cdn/GetFile API endpoint. Recommendations: For versions prior to 1.4.0.1, update to version 1.4.0.1 or later to resolve...

CVSS 9.8 · AI score 6.3 · EPSS 0.00605
Exploits 0 · References 4