The vulnerability of the application programming interface of the Spring Cloud Skipper package management server allows a perpetrator to write any files they desire.

The vulnerability of the Spring Cloud Skipper package manager’s application interface involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to write any files they desire...

CVE-2024-28969

Dell SCG prior to version 5.24.00.00 contains an Improper Access Control vulnerability in an internal update REST API that is only accessible if enabled by an Admin from the UI. A remote low-privileged attacker could potentially trigger this API and cause execution of certain admin-only APIs agai...

Race condition in zenml

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...

CVE-2024-5550

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVE-2024-2032

CVE-2024-2032 concerns ZenML up to version 0.55.3, where a race condition allows creating multiple users with the same username when requests are processed in parallel. The issue arises from insufficient handling of concurrent user creation, leading to data inconsistencies and potential authentic...

CVE-2024-20883

Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...

CVE-2024-20884

Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...

Exposure Of Sensitive Information To An Unauthorized Actor

Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

PT-2024-35604 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP - CRM version 9.0.1 Description: The issue allows a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database. This is achieved through the parameters sortorder an...

VulnCheck KEV: CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

WordPress Gutenify plugin <= 1.4.0 - Sensitive Data Exposure via API vulnerability

Sensitive Data Exposure via API vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Gutenify versions = 1.4.0...

CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

Contact Form to Any API < 1.1.9 - Authenticated (Subscriber+) SQL Injection

Description The Contact Form to Any API plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

PT-2024-3315 · Linksys · Linksys E5600

Name of the Vulnerable Software and Affected Versions: Linksys E5600 version 1.1.0.26 Description: The issue is related to a command injection vulnerability in the /API/info endpoint of the Linksys E5600 router's firmware. This vulnerability is caused by the failure to neutralize special elements...

CVE-2023-41183

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78...

CVE-2024-32816 WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78...

WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Sensitive Data Exposure via API vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.78...

UBUNTU-CVE-2024-21085

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability...