Lucene search
800 matches found

CVE
added 2024/10/10 1:22 a.m. · 80 views

CVE-2024-7048

Open-WebUI open-webui v0.3.8 contains an improper privilege management flaw in API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc, enabling a lower-privileged user to view and overwrite admin-owned files, risking integrity and availability of RAG models. Root cause: insufficient access...

CVSS 6.3 · AI score 6.3 · EPSS 0.00362
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2024/10/10 1:22 a.m. · 38 views

CVE-2024-7048 IDOR in open-webui/open-webui

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

CVSS 6.3 · EPSS 0.00362
Exploits 1 · References 1

OSV
added 2024/10/04 1:15 p.m. · 2 views

CVE-2024-47657

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

NVD
added 2024/10/04 1:15 p.m. · 31 views

CVE-2024-47657

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive...

CVSS 7.1 · EPSS 0.00382
Exploits 0 · References 1

NVD
added 2024/10/04 1:15 p.m. · 33 views

CVE-2024-47653

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...

CVSS 7.1 · EPSS 0.00332
Exploits 0 · References 1

CVE
added 2024/10/04 12:30 p.m. · 88 views

CVE-2024-47657

Shilpi Net Back Office is affected by CVE-2024-47657 due to improper access controls on API endpoints. An authenticated remote attacker could manipulate the dfclientid parameter in API request URLs to gain unauthorized access to other users’ sensitive information. Connected documents confirm this...

CVSS 7.1 · AI score 6.2 · EPSS 0.00382
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/10/04 12:30 p.m. · 22 views

CVE-2024-47657 Improper Access Control Vulnerability

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive...

CVSS 7.1 · AI score 6.3 · EPSS 0.00382
Exploits 0 · References 1

Vulnrichment
added 2024/10/04 12:15 p.m. · 19 views

CVE-2024-47653 Missing Authorization Vulnerability

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...

CVSS 7.1 · AI score 6.8 · EPSS 0.00332
Exploits 0 · References 1

OSV
added 2024/10/02 5:15 p.m. · 4 views

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

CVSS 5.4 · AI score 5.8 · EPSS 0.0037
Exploits 0 · References 1

CNNVD
added 2024/10/02 12:00 a.m. · 3 views

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller security vulnerability

Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller are both products of Cisco, Inc. Cisco Nexus Dashboard is a single console that simplifies the operation and management of data center networks. The Cisco Nexus Dashboard Fabric Controll...

CVSS 5.4 · AI score 6.8 · EPSS 0.00456
Exploits 0 · References 2

Positive Technologies
added 2024/09/22 12:00 a.m. · 3 views

PT-2024-39418 · Unknown · Blood Bank System

Name of the Vulnerable Software and Affected Versions: Blood Bank System version 1.0 Description: A problematic issue was found in the Blood Bank System, affecting unknown parts of the bbms.php file. The manipulation of the fullname, age, bloodgroup, city, phno, and gender arguments as part of a...

CVSS 5.4 · AI score 4.3 · EPSS 0.00402
Exploits 1 · References 12

NVD
added 2024/09/19 6:15 a.m. · 20 views

CVE-2024-47086

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API...

CVSS 8.7 · EPSS 0.00467
Exploits 0 · References 1

CVE
added 2024/09/19 6:03 a.m. · 82 views

CVE-2024-47086

Apex Softcell LD DP Back Office is affected by CVE-2024-47086 due to improper OTP validation in certain API endpoints. The vulnerability allows an authenticated remote attacker to supply arbitrary OTP values, potentially bypassing OTP verification for other user accounts and altering API response...

CVSS 8.7 · AI score 6.6 · EPSS 0.00467
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/09/11 12:15 p.m. · 2 views

CVE-2024-45787

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the AP...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

OSV
added 2024/09/11 12:15 p.m. · 2 views

CVE-2024-45788

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints which could lead to the OTP...

CVSS 7.5 · AI score 5.8 · EPSS 0.00498
Exploits 0 · References 1

NVD
added 2024/09/11 12:15 p.m. · 21 views

CVE-2024-45787

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the AP...

CVSS 8.7 · EPSS 0.00436
Exploits 0 · References 1

NVD
added 2024/09/11 12:15 p.m. · 15 views

CVE-2024-45788

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints which could lead to the OTP...

CVSS 8.7 · EPSS 0.00498
Exploits 0 · References 1

NVD
added 2024/09/11 12:15 p.m. · 25 views

CVE-2024-45786

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive...

CVSS 8.7 · EPSS 0.00391
Exploits 0 · References 1

Vulnrichment
added 2024/09/11 11:53 a.m. · 15 views

CVE-2024-45787 Information Disclosure Vulnerability

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the AP...

CVSS 8.7 · AI score 6.3 · EPSS 0.00436
Exploits 0 · References 1

Cvelist
added 2024/09/11 11:53 a.m. · 25 views

CVE-2024-45787 Information Disclosure Vulnerability

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the AP...

CVSS 8.7 · EPSS 0.00436
Exploits 0 · References 1