Github Security Blog
added 2024/02/26 8:01 p.m., 34 views

Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type

TL;DR This vulnerability affects Kirby sites that use the new link field and output the entered link without additional validation or sanitization. The attack commonly requires user interaction by another user or visitor. The link dialog of the writer field is not affected as the writer field...

CVSS 5.4 | AI score 5.7 | EPSS 0.00348
Exploits 0 | References 5 | Affected Software 1
The Hacker News
added 2024/02/08 5:10 a.m., 100 views

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 CVSS score:...

CVSS 10 | AI score 9.6 | EPSS 0.78375
Exploits 3
Tenable Nessus
added 2024/02/07 12:00 a.m., 38 views

Fortinet Fortigate Format String Bug in HTTPSd (FG-IR-23-138)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-138 advisory. - A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10,...

CVSS 8.8 | AI score 8.2 | EPSS 0.01059
Exploits 0 | References 2
Cvelist
added 2024/02/06 2:41 p.m., 26 views

CVE-2024-24593

A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI's ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. Exploitation of the vulnerability allows an attacker to...

CVSS 9.6 | AI score 9.3 | EPSS 0.0038
Exploits 1 | References 1
CNNVD
added 2024/02/06 12:00 a.m., 4 views

Allegro Cross-Site Request Forgery Vulnerability

Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A cross-site request forgery vulnerability exists in Allegro AI ClearML. A remote attacker can use this vulnerability to impersonate a user by sending API requests via maliciously...

CVSS 9.6 | AI score 6.9 | EPSS 0.0038
Exploits 1 | References 2
NVD
added 2024/02/05 2:15 p.m., 16 views

CVE-2024-23109

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 9.9 | EPSS 0.03224
Exploits 0 | References 1
ATTACKERKB
added 2024/02/05 2:15 p.m., 3 views

CVE-2024-23108

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 7.7 | EPSS 0.78375
Exploits 2 | References 3 | Affected Software 1
OSV
added 2024/02/05 2:15 p.m., 4 views

CVE-2024-23108

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 9.8 | AI score 7.7 | EPSS 0.78375
Exploits 2 | References 2
NVD
added 2024/02/05 2:15 p.m., 17 views

CVE-2024-23108

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 9.9 | EPSS 0.78375
Exploits 2 | References 2
Prion
added 2024/02/05 2:15 p.m., 23 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute...

CVSS 7.5 | AI score 7.9 | EPSS 0.78375
Exploits 2 | References 1 | Affected Software 1
Vulnrichment
added 2024/02/05 1:26 p.m., 25 views

CVE-2024-23108

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 9.3 | EPSS 0.78375
Exploits 2 | References 1
CVE
added 2024/02/05 1:26 p.m., 130 views

CVE-2024-23108

CVE-2024-23108 relates to an OS command injection in Fortinet FortiSIEM. Multiple connected sources confirm an improper neutralization of special elements in FortiSIEM API handling, enabling an unauthenticated attacker to execute arbitrary commands remotely. Affected FortiSIEM versions span 6.4.0...

CVSS 10 | AI score 9.3 | EPSS 0.78375
Exploits 2 | References 2 | Affected Software 1
Cvelist
added 2024/02/05 1:26 p.m., 27 views

CVE-2024-23108

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 10 | EPSS 0.78375
Exploits 2 | References 1
Vulnrichment
added 2024/02/05 1:26 p.m., 20 views

CVE-2024-23109

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 9.3 | EPSS 0.03224
Exploits 0 | References 1
CVE
added 2024/02/05 1:26 p.m., 131 views

CVE-2024-23109

CVE-2024-23109 is a Fortinet FortiSIEM OS command injection vulnerability caused by improper neutralization of special elements in API requests, enabling remote code execution. Connected sources confirm FortiSIEM as the affected product and describe exploitation via crafted API calls. Affected ve...

CVSS 10 | AI score 9.3 | EPSS 0.03224
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/02/05 1:26 p.m., 22 views

CVE-2024-23109

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 10 | EPSS 0.03224
Exploits 0 | References 1
IBM Security Bulletins
added 2024/01/16 8:33 p.m., 50 views

Security Bulletin: IBM OpenPages Is Vulnerable to Security Checks bypass (CVE-2023-40683)

Summary: A vulnerability caused by insufficient authorization checks of API requests by an authorized user is addressed. Vulnerability Details: CVEID: CVE-2023-40683. DESCRIPTION: IBM OpenPages could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. B...

CVSS 8.8 | AI score 8.8 | EPSS 0.00701
Exploits 0 | Affected Software 1
CNNVD
added 2023/12/21 12:00 a.m., 2 views

GitHub Enterprise Server Authorization Issues Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.9.7, prior ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00815
Exploits 0 | References 4
GithubExploit
added 2023/12/20 6:29 a.m., 1064 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

basketcraft: this is a script that exploits CVE-2023-27163...

CVSS 6.5 | AI score 6.6 | EPSS 0.07497
Exploits 29
Cvelist
added 2023/12/19 12:00 a.m., 13 views

CVE-2023-49706

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...

AI score 7 | EPSS 0.0062
Exploits 0 | References 3