6 matches found
PT-2026-36159
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
PT-2025-44426
Name of the Vulnerable Software and Affected Versions mCarFix Motorists App version 2.3 Description The mCarFix Motorists App has improper access control issues. An attacker can bypass verification to create accounts and, by manipulating sequential numeric IDs, gain unauthorized access to user da...
CVE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...
PT-2023-10306 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions 8 through 9.0.1 JetBrains TeamCity version 9.0.2 is not affected, so only versions prior to 9.0.2 are considered vulnerable. Description: The issue allows bypass of account-creation restrictions via a crafted...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build problem analysis reports. A security vulnerability exists in JetBrains TeamCit...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Bug 39700 Wikipedia administrator Writ Keeper discovered a stored XSS HTML injection vulnerability. This was possible due to the handling of link text on File: links for nonexistent files. MediaWiki 1.16 and later is affected. Bug 39180 User Fomafix reported several DOM-based X...