508 matches found
A vulnerability in the application programming interface of the firmware for Western Digital MyCloud PR4100 network storage allows an attacker to execute arbitrary code.
The vulnerability in the application programming interface of Western Digital MyCloud PR4100 network storage systems is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in the application programming interface of the Casdoor IAM and SSO platform allows an attacker to gain unauthorized access to protected information.
The vulnerability in the application programming interface of the Casdoor IAM and SSO platform relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected...
Saleor Security Vulnerability
GitHub Saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Saleor suffers from a security vulnerability that stems from some internal exceptions that are not handled correctly and ar...
SUSE CVE-2014-8183
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations...
SUSE CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
SUSE CVE-2021-36783
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
A vulnerability in the application programming interface of the firmware for AMI MegaRAC controllers allows an attacker to gain unauthorized access to protected information.
The vulnerability in the application programming interface of AMI MegaRAC controllers is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2022-34350
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to an External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...
Argo CD Security Vulnerability
Argo is an open source container-native workflow engine. Argo CD is an application: a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g., configuration in a Git repository),...
PT-2022-6244 · Ami · Ami Megarac
Name of the Vulnerable Software and Affected Versions: AMI MegaRAC (affected versions not specified). Description: The issue is related to insufficient protection of service data in the implementation of the application programming interface of the AMI MegaRAC firmware controllers for remote...
Simmeth System Supplier Manager Path Traversal Vulnerability
Simmeth System Supplier Manager is supply chain software from Simmeth System, a German company. An arbitrary file download vulnerability exists in versions prior to Simmeth System Supplier Manager 5.6, which can be exploited by attackers to download arbitrary files from a web server by...
A vulnerability in the API of the Cisco Meeting Server platform allows an attacker to cause a denial of service.
The vulnerability in the Cisco Meeting Server API relates to insufficient validation of input data during request processing. Exploiting this vulnerability allows a malicious actor to cause a denial of service by sending specially crafted requests...
CVE-2022-41607
The application programmable interface (API) of ETIC Telecom Remote Access Server (RAS), all versions 4.5.0 and prior, is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. A securi...
PT-2022-26708 · Tenda · Tenda Tx3
Name of the Vulnerable Software and Affected Versions: Tenda TX3 version US TX3V1.0br V16.03.13.11 multi TDE01. Description: A stack overflow issue was discovered via the list parameter at the "/goform/SetVirtualServerCfg" API endpoint. Recommendations: For Tenda TX3 version US TX3V1.0br...
Octopus Server Security Vulnerability
Octopus Server is an automated deployment platform. Octopus Server suffers from a security vulnerability that stems from its insecure direct object references (IDORs) that may leak team information through the API...
Zyxel CloudCNM SecuManager Security Vulnerability
Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1, which stems from an...
CVE-2022-22526
In Carlo Gavazzi UWP3.0, in multiple versions, and CPY Car Park Server, in version 2.8.3, a missing authentication allows for full access via API...
Cisco Webex Meetings App Character Interface Manipulation (cisco-sa-webex-app-qrtO6YC2)
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character...