508 matches found
CVE-2023-33303
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request...
Fortinet FortiSIEM Operating System Command Injection Vulnerability
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. Fortinet FortiSIEM is vulnerable to an operating system command injection...
PT-2023-23657 · Neuvector · Neuvector
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.2.2 Description: A user can reverse engineer the JSON Web Token JWT used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector, potentially leadi...
PT-2023-32048 · Field Logic · Field Logic Datacube4
Name of the Vulnerable Software and Affected Versions: Field Logic DataCube4 up to 20231001 Description: A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be...
PT-2023-5521 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center affected versions not specified Description: A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected devic...
PT-2023-6822 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to information disclosure in the GLPI system. Exploitation of this issue may allow a remote attacker to disclose protected information. An API user can enumerate sensitive field...
The vulnerability of the application programming interface for the declarative delivery tool for GitOps for Kubernetes Argo CD lies in authentication errors, which allow a perpetrator to bypass established access controls.
The vulnerability of the application programming interface for the declarative delivery tool of GitOps for Kubernetes Argo CD is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass established access controls...
Undefined Behavior for Input to API in Mutt
...
PT-2023-5833 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19 JumpServer versions prior to 3.6.5 Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...
The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56U, and RT-AC86U allows a hacker to execute arbitrary code.
The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56UV2, and RT-AC86U lies in the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...
Vulnerability of the software interface of the XWiki platform for creating collaborative web applications. The XWiki platform allows a perpetrator to execute arbitrary code.
The vulnerability of the software interface of the XWiki Platform for creating collaborative web applications is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to execute arbitrary code...
CVE-2023-37486
Under certain conditions SAP Commerce OCC API - versions HYCOM 2105, HYCOM 2205, COMCLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and...
PT-2023-20641 · Ox Chat · Ox Chat
Name of the Vulnerable Software and Affected Versions: OX Chat affected versions not specified Description: The issue arises from the "OX Chat" web service not specifying a media-type when processing responses from external resources, allowing malicious script code to be executed within the...
PT-2023-12396 · Osnexus · Quantastor
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an authenticated administrator to remotely execute arbitrary shell commands via the API. This could potentially lead to unauthorized access and control of the syste...
DEBIAN-CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution RCE...
It-novum OpenITCOCKPIT SQL注入漏洞
It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in it-novum openITCOCKPIT, which originates from an SQL injection via the sort parameter of the API interface...
The vulnerability of the application software interface of D-Link DIR-2150 router software allows a hacker to circumvent existing security restrictions.
The vulnerability of the application software interface for D-Link DIR-2150 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
The vulnerability of the application software interface of Rockwell Automation’s ThinManager, related to insufficient encryption strength, allows a perpetrator to compromise the target system.
The vulnerability of the application software interface of Rockwell Automation’s ThinManager platform relates to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to compromise the target system remotely...
PT-2023-22103 · Hid · Hid Safe
Name of the Vulnerable Software and Affected Versions: HID’s SAFE versions 5.8.0 through 5.11.3 Description: The External Visitor Manager portal of HID’s SAFE is vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account...
CVE-2023-33355
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information...