The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution allows a hacker to bypass the authentication process.

The vulnerability of cloud-based software for creating and using Nextcloud Server lies in accessing an active session of another user, by sending calls directly to the API without requiring a password confirmation. Exploiting this vulnerability allows a malicious actor to bypass the authenticatio...

Malicious code in Chronos.Platform.Linux.API (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basisregisters.PublicServicеRegistry.Aрi.Backoffice (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basisregistеrs.PаrсеlRegistry.Api.Legacy (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderеn.Basisregіsters.RoaԁRegistry.BackOffiсe.Api (NuGet)

--- -= Per source details. Do not edit below this line.=-...

CraftCMS Security Vulnerability

CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker exploited the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...

The vulnerability of the application programming interface of the software management tool allows a hacker to enhance their privileges.

The vulnerability of the application programming interface of the software management tool regarding identity verification and access control is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to enhance their privileges ...

CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

Bludit Security Breach

Bludit is an open source, lightweight blog content management system CMS. A security vulnerability exists in Bludit that stems from the use of predictable methods combined with the MD5 hash algorithm to generate sensitive tokens that allow an attacker to authenticate against the Bludit API...

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through specially created API requests...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs Application Programming Interfaces may send HTTP requests to the multifunction device without...

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internally maintained REST API that could be exploited by a remote...

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...

WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Broken Access Control on API vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Master Addons for Elementor versions = 2.0.5.4.1...

DRUPAL-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...

PT-2024-3967 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.2 Description: The issue is related to insufficient authorization procedures in JetBrains TeamCity, a continuous integration and continuous delivery CI/CD system. This allows a remote attacker to...

Nautobot 安全漏洞

Nautobot is a web automation platform by the individual developers of Nautobot. Nautobot has a security vulnerability that stems from a mismanagement of privileges vulnerability in the Nautobot dynamic-group-members UI and REST API. Affected products and versions: Nautobot versions 1.3.0 through...

Cyber Power Systems PowerPanel Enterprise 安全漏洞

Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy usage trends. A security vulnerability previously existed in Cyber Power Systems PowerPanel Enterprise v2.8.3, which stemmed from an...

Aruba Networks ArubaOS 和 InstantOS 安全漏洞

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...

PT-2024-24113 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...