256 matches found

CNNVD
added 2024/12/30 12:0 a.m. · 2 views

Firecrawl Code Issue Vulnerability

Firecrawl is an open source AI web crawler tool from Mendable.ai. Firecrawl versions prior to 1.1.1 contain a code issue vulnerability: a server-side request forgery (SSRF) flaw that allows disclosure of local network resources via the API...

7.4 CVSS · 6.3 AI score · 0.00337 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/11/27 12:0 a.m. · 5 views

PT-2024-35952 · Unknown · Centurion Erp

Name of the Vulnerable Software and Affected Versions: Centurion ERP versions prior to 1.3.1
Description: A user with view permissions for a ticket can view the tickets of another organization they are not a part of, if they have specific permissions such as view ticket change, view ticket...

1.9 CVSS · 7 AI score · 0.00432 EPSS
Exploits 0 · References 7

RedHat Linux
added 2024/10/16 3:2 p.m. · 1 views

JDK: Integer conversion error leads to incorrect range check (8332644)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...

4.8 CVSS · 7.4 AI score · 0.0095 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/10/14 12:0 a.m. · 3 views

PT-2024-10326 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 1.0.2
Description: The issue is related to sensitive information disclosure through specially crafted API calls. It is associated with insufficient protection of service data due to the use of incompatible...

7.5 CVSS · 7.2 AI score · 0.00325 EPSS
Exploits 0 · References 11

OSV
added 2024/10/11 1:15 p.m. · 0 views

UBUNTU-CVE-2024-5005

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

4.3 CVSS · 5.7 AI score · 0.00373 EPSS
Exploits 1 · References 4

OSV
added 2024/07/31 12:0 a.m. · 0 views

UBUNTU-CVE-2024-21145

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1;...

4.8 CVSS · 6.7 AI score · 0.00864 EPSS
Exploits 0 · References 11

RedHat Linux
added 2024/07/17 9:17 a.m. · 2 views

OpenJDK: potential UTF8 size overflow (8314794)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

3.7 CVSS · 7.4 AI score · 0.00953 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/07/03 12:0 a.m. · 2 views

PT-2024-28623 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 2.0.0 through 2.53.7; ZITADEL versions 2.54.0 through 2.54.4; ZITADEL versions 2.55.0 through 2.55.0
Description: ZITADEL is an open-source identity infrastructure tool that provides users the ability to list all user sessions ...

6.9 CVSS · 6.9 AI score · 0.00609 EPSS
Exploits 0 · References 16

Positive Technologies
added 2024/06/07 12:0 a.m. · 3 views

PT-2024-27347 · Skyscrape · Skyscrape

Name of the Vulnerable Software and Affected Versions: SkyScrape version 1.0.0
Description: The issue concerns unsecured HTTP requests in SkyScrape's API, potentially exposing users' temporary credentials and data.
Recommendations: For version 1.0.0, consider disabling the use of unsecured HTTP...

7.5 CVSS · 6.8 AI score · 0.00168 EPSS
Exploits 0 · References 5

OSV
added 2024/06/06 2:15 a.m. · 1 views

CVE-2024-0910

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2

Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-15951 · WordPress · Buddypress Members Only

Name of the Vulnerable Software and Affected Versions: BuddyPress Members Only plugin for WordPress versions up to, and including, 3.3.5
Description: The issue allows unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature and view...

5.3 CVSS · 7.1 AI score · 0.00443 EPSS
Exploits 0 · References 8

Packet Storm
added 2024/05/24 12:0 a.m. · 372 views

4BRO Insecure Direct Object Reference / API Information Exposure

SEC Consult Vulnerability Lab Security Advisory
title: Broken access control & API Information Exposure
product: 4BRO App
vulnerable version: before 2024-04-17
fixed version: 2024-04-17
CVE number: -
impact: Critical
homepage...

7.4 AI score
Exploits 0

CNNVD
added 2024/05/02 12:0 a.m. · 4 views

WordPress plugin Content Control Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3 CVSS · 6.3 AI score · 0.00468 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-15691 · WordPress · The Content Control – The Ultimate Content Restriction Plugin

Name of the Vulnerable Software and Affected Versions: The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress versions up to, and including, 2.1.0
Description: The plugin is vulnerable to Sensitive Information Exposur...

5.3 CVSS · 7 AI score · 0.00468 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/04/04 12:0 a.m. · 4 views

PT-2024-18028 · WordPress · Cgc Maintenance Mode

Name of the Vulnerable Software and Affected Versions: CGC Maintenance Mode plugin for WordPress versions up to, and including, 1.2
Description: The issue allows unauthenticated attackers to view protected posts via the REST API, even when maintenance mode is enabled. This is possible due to...

5.3 CVSS · 9.4 AI score · 0.00425 EPSS
Exploits 0 · References 4

RedHat Linux
added 2024/03/25 6:35 p.m. · 2 views

OpenJDK: range check loop optimization issue (8314307)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

5.9 CVSS · 7.2 AI score · 0.00857 EPSS
Exploits 0 · References 5

OSV
added 2024/02/29 1:43 a.m. · 3 views

CVE-2024-0620

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

5.3 CVSS · 7.3 AI score · 0.00486 EPSS
Exploits 0 · References 2

CNNVD
added 2024/02/29 12:0 a.m. · 5 views

WordPress Plugin Coming Soon Maintenance Mode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.3 CVSS · 6.3 AI score · 0.00461 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/29 12:0 a.m. · 4 views

WordPress Plugin PPWP Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

5.3 CVSS · 6.3 AI score · 0.00486 EPSS
Exploits 0 · References 3

OSV
added 2024/02/28 9:15 a.m. · 2 views

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

5.3 CVSS · 5.8 AI score · 0.00479 EPSS
Exploits 0 · References 2