256 matches found
WordPress Plugin WordPress Access Control Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Plugin LearnDash LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
GHSA-PXMR-Q2X3-9X9M Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
CVE-2023-51451
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
Code injection
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
CVE-2023-51451 SSRF in symbolicator via invalid protocol
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via...
PT-2023-31834 · Unknown +1 · Symbolicator +1
Name of the Vulnerable Software and Affected Versions: Symbolicator versions 0.3.3 through 21.12.1 Description: The issue allows an attacker to make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could...
Quarkus Security Vulnerabilities
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from when a request is received via websocket and role-based permissions are not specified on a GraphQL operation, Quarkus processes the request without...
PT-2023-7024 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions 2.0.0 through 2.0.2 Description: The issue concerns the exposure of hashed user passwords in Nautobot's REST API endpoints when the ?depth= query parameter is used. This affects any authenticated user with access to these...
CVE-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...
GHSA-MQ6F-5XH5-HGCF Harbor timing attack risk
In the Harbor jobservice container, the comparison of secrets in the authenticator type is prone to timing attacks. The vulnerability occurs due to the following code: https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.goL69-L69 To...
2.6 million DuoLingo users have scraped data released
An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. DuoLingo is an educational...
DEBIAN-CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-31478
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...
SUSE CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
PT-2023-8517 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev78 Description: The issue is related to a Cross-Site Request Forgery CSRF attack. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities. Any API...
CVE-2022-3644
The collection remote for pulpansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...
Jenkins allows Unauthorized Viewing of Queue API Information
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...
GHSA-R9FV-QPM9-RJ4G Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This...
Exposed Dangerous Method or Function
An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context...