
1998 matches found

NVD
added 2024/04/03 5:15 p.m. · 14 views

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...

CVSS 4.3 · AI score 4.5 · EPSS 0.00407
Exploits 0 · References 1
CVE
added 2024/04/03 4:25 p.m. · 92 views

CVE-2024-20283

Cisco Nexus Dashboard contains an information-disclosure vulnerability (CVE-2024-20283) due to improper access controls on a specific API endpoint. An authenticated remote attacker could query the API to access metrics and deployment information for devices within the Nexus Dashboard cluster. The...

CVSS 4.3 · AI score 6.6 · EPSS 0.00407
Exploits 0 · References 1 · Affected Software 1
Cisco
added 2024/04/03 4:00 p.m. · 27 views

Cisco Nexus Dashboard Information Disclosure Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...

CVSS 4.3 · AI score 4.6 · EPSS 0.00407
Exploits 0 · References 1
Positive Technologies
added 2024/04/03 12:00 a.m. · 5 views

PT-2024-3859 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to insufficient access controls on a specific API endpoint, allowing a remote attacker to gain unauthorized access to protected information by sending...

CVSS 4.3 · AI score 7.3 · EPSS 0.00407
Exploits 0 · References 3
NVD
added 2024/03/30 6:15 p.m. · 23 views

CVE-2024-1522

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

CVSS 8.8 · AI score 9.1 · EPSS 0.00445
Exploits 1 · References 2
OSV
added 2024/03/30 6:15 p.m. · 19 views

CVE-2024-1522

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

CVSS 8.8 · AI score 9
Exploits 0 · References 2
Cvelist
added 2024/03/30 6:02 p.m. · 19 views

CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

CVSS 8.8 · AI score 9.2 · EPSS 0.00445
Exploits 1 · References 2
VulnCheck KEV
added 2024/03/30 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

CVSS 10 · AI score 7.5 · EPSS 0.758
Exploits 0 · References 1
Positive Technologies
added 2024/03/28 12:00 a.m. · 5 views

PT-2024-23336 · Shanghai Brad Technology · Bladex

Name of the Vulnerable Software and Affected Versions: Shanghai Brad Technology BladeX version 3.4.0 Description: A critical vulnerability has been found in the API component of Shanghai Brad Technology BladeX, specifically affecting an unknown function of the file /api/blade-user/export-user. Th...

CVSS 9.8 · AI score 7 · EPSS 0.00698
Exploits 0 · References 8
Positive Technologies
added 2024/03/26 12:00 a.m. · 4 views

PT-2024-3766 · Grafana +6 · Grafana +6

Name of the Vulnerable Software and Affected Versions: Grafana versions 9.5.0 through 9.5.17 Grafana versions 10.0.0 through 10.0.12 Grafana versions 10.1.0 through 10.1.8 Grafana versions 10.2.0 through 10.2.5 Grafana versions 10.3.0 through 10.3.4 Description: The issue is related to a Broken...

CVSS 9.8 · AI score 6.2 · EPSS 0.17865
Exploits 9 · References 118
OSV
added 2024/03/22 11:07 a.m. · 1 view

OESA-2024-1302 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch...

CVSS 7.8 · AI score 8.2 · EPSS 0.00258
Exploits 0 · References 2
Positive Technologies
added 2024/03/22 12:00 a.m. · 2 views

PT-2024-21447 · WordPress · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress versions up to, and including, 0.1.0.22 Description: The issue is related to arbitrary file uploads due to insufficient file validation in the...

CVSS 9.8 · AI score 6.4 · EPSS 0.05747
Exploits 0 · References 8
NVD
added 2024/03/19 9:15 p.m. · 7 views

CVE-2024-28715

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint...

CVSS 8.8 · AI score 7 · EPSS 0.01071
Exploits 1 · References 1
CNNVD
added 2024/03/19 12:00 a.m. · 3 views

DoraCMS Security Vulnerability

DoraCMS is a software application. A content management system written based on Nodejs + eggjs + mongodb. A security vulnerability exists in DoraCMS v.2.1.8 and earlier versions, which stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code via the...

CVSS 8.8 · AI score 7 · EPSS 0.01071
Exploits 1 · References 3
Positive Technologies
added 2024/03/18 12:00 a.m. · 5 views

PT-2024-3607 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.1.117 Description: The issue is related to an authenticated blind server-side request forgery vulnerability. It involves the download file stream function in the backend/apps/web/routers/utils.py file of the Ope...

CVSS 7.5 · AI score 6.4 · EPSS 0.00412
Exploits 1 · References 10
BDU FSTEC
added 2024/03/14 12:00 a.m. · 2 views

The vulnerability of the setTermsHashAction method in the component /opt/webapp/lib/PureApi/CCApi.class.php allows an attacker to execute arbitrary SQL queries within the GTB Central Console’s DLP system.

The vulnerability of the setTermsHashAction method in the /opt/webapp/lib/PureApi/CCApi.class.php file of the DLP system’s GTB Central Console relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...

CVSS 10 · AI score 8.2 · EPSS 0.00836
Exploits 1 · References 5 · Affected Software 1
OSV
added 2024/03/13 4:15 p.m. · 3 views

CVE-2024-1763

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8 · EPSS 0.0044
Exploits 0 · References 2
Positive Technologies
added 2024/03/13 12:00 a.m. · 3 views

PT-2024-22516 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS via the "/dede/diy edit.php" API endpoint. Recommendations: For DedeCMS version 5.7, update to a newer version that contains a fix for this issue...

CVSS 8.8 · AI score 7 · EPSS 0.00316
Exploits 1 · References 3
Prion
added 2024/03/12 11:15 p.m. · 11 views

Default credentials

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

CVSS 5 · AI score 7.2 · EPSS 0.00618
Exploits 0 · References 3
Vulnrichment
added 2024/03/12 10:32 p.m. · 10 views

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

CVSS 7.5 · AI score 7.1 · EPSS 0.00618
Exploits 0 · References 3