1270 matches found

Positive Technologies
added 2024/10/09 12:0 a.m. · 3 views

PT-2024-6883 · Palo Alto Networks · Palo Alto Networks Expedition

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified
Description: An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition. This result...

CVSS 9.3 · AI score 7.2 · EPSS 0.8171
Exploits 5 · References 69

Positive Technologies
added 2024/10/09 12:0 a.m. · 3 views

PT-2024-6884 · Palo Alto Networks · Palo Alto Networks Expedition

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified
Description: The issue is related to the cleartext storage of sensitive information in Palo Alto Networks Expedition, allowing an authenticated attacker to reveal firewall username...

CVSS 8.2 · AI score 6.2 · EPSS 0.11233
Exploits 1 · References 51

OSV
added 2024/09/14 3:15 a.m. · 21 views

CVE-2024-8775

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

CVSS 5.5 · AI score 6.2 · EPSS 0.00268
Exploits 0 · References 7

NVD
added 2024/09/14 3:15 a.m. · 17 views

CVE-2024-8775

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

CVSS 5.5 · EPSS 0.00268
Exploits 0 · References 8

Vulnrichment
added 2024/09/14 2:15 a.m. · 15 views

CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

CVSS 5.5 · AI score 5.3 · EPSS 0.00268
Exploits 0 · References 7

CVE
added 2024/09/14 2:15 a.m. · 174 views

CVE-2024-8775

CVE-2024-8775 (Ansible): A flaw exposes sensitive data stored in Ansible Vault when a playbook loads vaulted variables (e.g., via include_vars) without enabling no_log, causing plaintext leakage in output/logs. This is the primary vulnerability described in the initial CVE record. The connected ...

CVSS 5.5 · AI score 5.4 · EPSS 0.00268
Exploits 0 · References 8

Cvelist
added 2024/09/14 2:15 a.m. · 24 views

CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

CVSS 5.5 · EPSS 0.00268
Exploits 0 · References 7

Debian CVE
added 2024/09/14 2:15 a.m. · 14 views

CVE-2024-8775

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data...

CVSS 5.5 · AI score 6.6 · EPSS 0.00268
Exploits 0

NVD
added 2024/09/02 6:15 p.m. · 28 views

CVE-2024-28100

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

CVSS 8.9 · EPSS 0.00315
Exploits 0 · References 1

Cvelist
added 2024/09/02 4:10 p.m. · 33 views

CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

CVSS 8.9 · EPSS 0.00315
Exploits 0 · References 1

Positive Technologies
added 2024/09/02 12:0 a.m. · 4 views

PT-2024-22265 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.0.0
Description: The issue allows a regular user to create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application by uploading specially crafted files. Thi...

CVSS 8.9 · AI score 7.2 · EPSS 0.00315
Exploits 0 · References 9

Positive Technologies
added 2024/08/27 12:0 a.m. · 3 views

PT-2024-38870 · WordPress · Reviews Feed – Add Testimonials/Customer Reviews From Google Reviews

Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions 1.1.2 and earlier
Description: The issue is related to a missing capability check on the update api key...

CVSS 4.3 · AI score 6.5 · EPSS 0.00401
Exploits 0 · References 10

Vulnrichment
added 2024/08/23 3:44 p.m. · 13 views

CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5 · AI score 6.9 · EPSS 0.00245
Exploits 0 · References 1

CVE
added 2024/08/23 3:44 p.m. · 92 views

CVE-2024-42364

CVE-2024-42364 – DNS rebinding vulnerability in Homepage 0.9.1. The default, unauthenticated setup of Homepage (0.9.1) can be abused via DNS rebinding to route requests to the internal IP of the Homepage instance, allowing an attacker-controlled site to access sensitive data (e.g., API keys) due ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00245
Exploits 0 · References 1 · Affected Software 1

VulnCheck KEV
added 2024/08/22 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-6587

LiteLLM is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability that exposes OpenAI API Keys...

CVSS 7.5 · AI score 7.3 · EPSS 0.36945
Exploits 1 · References 1

The Hacker News
added 2024/08/19 10:2 a.m. · 18 views

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service...

AI score 7.2
Exploits 0

Tenable Nessus
added 2024/08/15 12:0 a.m. · 15 views

Dorsett Controls InfoScan < 1.38 Multiple Vulnerabilities (July 2024)

The version of Dorsett Controls InfoScan running on the remote host is prior to 1.38. It is, therefore, affected by multiple vulnerabilities: - Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. CVE-2024-392...

CVSS 7.5 · AI score 5.5 · EPSS 0.00384
Exploits 0 · References 5

NVD
added 2024/08/08 6:15 p.m. · 17 views

CVE-2024-39287

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

CVSS 7.5 · EPSS 0.00333
Exploits 0 · References 2

Vulnrichment
added 2024/08/08 5:25 p.m. · 19 views

CVE-2024-39287 Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

CVSS 6.9 · AI score 6.8 · EPSS 0.00333
Exploits 0 · References 2

Cvelist
added 2024/08/08 5:25 p.m. · 18 views

CVE-2024-39287 Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

CVSS 6.9 · EPSS 0.00333
Exploits 0 · References 2