393 matches found

NVD
added 2024/02/05 11:15 p.m. · 20 views

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

9.4 CVSS · 7.6 AI score · 0.00147 EPSS
Exploits 1 · References 2

OSV
added 2024/02/05 11:15 p.m. · 24 views

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

9.4 CVSS · 7.4 AI score
Exploits 0 · References 2

Cvelist
added 2024/02/05 10:53 p.m. · 18 views

CVE-2024-0964 LFI in Gradio

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

7.5 CVSS · 9.2 AI score · 0.00147 EPSS
Exploits 1 · References 2

GithubExploit
added 2024/01/04 2:46 p.m. · 938 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 !WARNING This is an educational projec...

6.5 CVSS · 6.3 AI score · 0.9332 EPSS
Exploits 29

GithubExploit
added 2023/12/28 11:36 a.m. · 705 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Proof Of Concept of SSRF on Request-Baskets CVE-2023-27163...

6.5 CVSS · 6.3 AI score · 0.9332 EPSS
Exploits 29

Hacker One
added 2023/12/23 8:53 p.m. · 8 views

TikTok: Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products

The "Search Product" function in the TikTok Shop Seller API contained a vulnerability that allowed access to inactive or suspended products by manipulating the "live" parameter in the API request. The vulnerability was reported to the team and remediated...

7 AI score
Exploits 0

NVD
added 2023/12/21 9:15 p.m. · 17 views

CVE-2023-6847

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode...

7.5 CVSS · 0.00156 EPSS
Exploits 0 · References 3

Prion
added 2023/12/21 9:15 p.m. · 14 views

Authentication flaw

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode...

5 CVSS · 7.2 AI score · 0.00156 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2023/12/21 12:0 a.m. · 6 views

Fortinet FortiProxy,FortiOS,FortiPAM Formatting String Error Vulnerability

Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining multiple detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection. FortiProxy helps reduce bandwidth...

8.8 CVSS · 7.2 AI score · 0.0018 EPSS
Exploits 0 · References 1

NVD
added 2023/12/18 1:15 p.m. · 10 views

CVE-2023-32230

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation...

7.5 CVSS · 0.00083 EPSS
Exploits 0 · References 1

Prion
added 2023/12/18 1:15 p.m. · 11 views

Input validation

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation...

5 CVSS · 7.2 AI score · 0.00083 EPSS
Exploits 0 · References 1 · Affected Software 5

CNNVD
added 2023/12/05 12:0 a.m. · 3 views

MLFlow Security Vulnerability

Mlflow is an open source platform for the machine learning lifecycle. A security vulnerability exists in MLFlow version 2.8.1 and prior versions. A remote attacker exploited the vulnerability to obtain sensitive information via a specially crafted REST API request...

7.5 CVSS · 7.2 AI score · 0.72771 EPSS
Exploits 1 · References 1

CNVD
added 2023/11/17 12:0 a.m. · 8 views

Fortinet FortiSIEM Command Execution Vulnerability (CNVD-2024-13756)

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from a command execution vulnerability that stem...

9.8 CVSS · 7.4 AI score · 0.02727 EPSS
Exploits 0 · References 1

CVE
added 2023/11/02 1:1 p.m. · 62 views

CVE-2023-26453

CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...

8.8 CVSS · 8.7 AI score · 0.00055 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/10/13 3:15 p.m. · 12 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

8.1 CVSS · 8.3 AI score · 0.00107 EPSS
Exploits 0 · References 1

Prion
added 2023/10/13 3:15 p.m. · 10 views

Design/Logic Flaw

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

5.1 CVSS · 8.2 AI score · 0.00107 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/10/13 2:32 p.m. · 16 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

8.1 CVSS · 8.5 AI score · 0.00107 EPSS
Exploits 0 · References 1

CVE
added 2023/10/13 2:32 p.m. · 42 views

CVE-2023-33303

Fortinet FortiEDR is affected: FortiEDR 5.0.0–5.0.1 suffers from insufficient session expiration, enabling an attacker to run unauthorized code or commands via API requests. The PT-2023-6014 entry notes the issue, with no fixed version specified and recommends mitigating by restricting API access...

8.1 CVSS · 8.2 AI score · 0.00107 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/13 2:32 p.m. · 14 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

8.1 CVSS · 7.5 AI score · 0.00107 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/10/13 12:0 a.m. · 3 views

PT-2023-6014 · Fortinet · Fortiedr

Name of the Vulnerable Software and Affected Versions: Fortinet FortiEDR versions 5.0.0 through 5.0.1 Description: The issue is related to insufficient session expiration in Fortinet FortiEDR, which can be exploited by an attacker to execute unauthorized code or commands via an API request. This...

9.3 CVSS · 8.2 AI score · 0.00107 EPSS
Exploits 0 · References 4