Lucene search

1447 matches found

CNNVD
added 2024/05/14 12:0 a.m. · 4 views

Directus Information Disclosure Vulnerability

Directus is a real-time API and application dashboard. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 10.11.0 that stems from the ability to edit data extracts on the API...

CVSS 4.9 · AI score 4.7 · EPSS 0.00757
Exploits 1 · References 4

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-24114 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...

CVSS 7.5 · AI score 7.1 · EPSS 0.0057
Exploits 0 · References 4

Japan Vulnerability Notes
added 2024/05/13 6:19 a.m. · 4 views

Multiple vulnerabilities in Cybozu Garoon

Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3167: Improper handling of data in Mail (CWE-231) - CVE-2024-31397; CyVDB-3221: Improper restriction on the output of some API (CWE-201) - CVE-2024-31398; CyVDB-3238: Excessive resource consumption in Mai...

CVSS 9 · AI score 6.4 · EPSS 0.00504
Exploits 0 · References 13

CNNVD
added 2024/05/08 12:0 a.m. · 3 views

F5 BIG-IP SQL Injection Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A SQL injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to send crafted...

CVSS 7.5 · AI score 7.6 · EPSS 0.07163
Exploits 0 · References 2

CNNVD
added 2024/05/06 12:0 a.m. · 3 views

Open-Xchange App Suite Security Vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite version 8.21 and earlier, which stems from a cross-site scripting (XSS) vulnerability that originates from the presence of a cross-site...

CVSS 6.5 · AI score 5.7 · EPSS 0.00526
Exploits 0 · References 4

OSV
added 2024/05/01 5:15 p.m. · 4 views

CVE-2024-33513

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

CVSS 5.9 · AI score 5.8 · EPSS 0.0051
Exploits 0 · References 1

CNNVD
added 2024/04/26 12:0 a.m. · 4 views

Zammad Security Vulnerability

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.3.0, which stems from a user with customer access rights to a ticket being able to access the ticket's time statistic details via the API...

CVSS 8.6 · AI score 6.6 · EPSS 0.00511
Exploits 0 · References 2

CNNVD
added 2024/04/26 12:0 a.m. · 1 view

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from an inability to remove detailed error messages from API requests. An attacker could exploit this vulnerability to obtain...

CVSS 4.3 · AI score 6.1 · EPSS 0.00452
Exploits 0 · References 3

CNNVD
added 2024/04/09 12:0 a.m. · 3 views

Siemens SINEC NMS Path Traversal Vulnerability

Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS versions...

CVSS 7.6 · AI score 6.5 · EPSS 0.00464
Exploits 0 · References 2

OSV
added 2024/04/08 9:15 a.m. · 2 views

CVE-2023-52541

Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 · AI score 5.8 · EPSS 0.00353
Exploits 0 · References 2

BDU FSTEC
added 2024/04/04 12:0 a.m. · 4 views

The vulnerability of the Google Sheets platform for monitoring and observation by Grafana involves the generation of error messages containing confidential information, which allows attackers to gain access to confidential data.

The vulnerability of the Google Sheets platform for monitoring and observation by Grafana involves improper handling of error messages, which potentially exposes key Google Sheets API details. Exploiting this vulnerability could allow an attacker to gain access to confidential data remotely...

CVSS 7.8 · AI score 7.3 · EPSS 0.00389
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-2667

Name of the Vulnerable Software and Affected Versions: Flowmon versions prior to 11.1.14 and 12.3.5. Description: A command injection vulnerability has been identified in Flowmon, allowing an unauthenticated user to gain entry to the system via the management interface and execute arbitrary system...

CVSS 10 · AI score 9.8 · EPSS 0.93901
Exploits 7 · References 57

BDU FSTEC
added 2024/04/01 12:0 a.m. · 6 views

The vulnerability of the CRI-O Container Engine’s application programming interface allows an attacker to disclose confidential information or alter arbitrary data.

The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to improper access control. Exploiting this vulnerability can allow an attacker to disclose confidential information or alte...

CVSS 7.1 · AI score 6.3 · EPSS 0.0036
Exploits 1 · References 4 · Affected Software 2

CNNVD
added 2024/03/28 12:0 a.m. · 3 views

WordPress Plugin Contact Form to Any API SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVSS 8.5 · AI score 7.7 · EPSS 0.00549
Exploits 0 · References 2

OSV
added 2024/03/27 7:15 p.m. · 2 views

DEBIAN-CVE-2024-28233

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API...

CVSS 6.1 · AI score 7.5 · EPSS 0.00329
Exploits 0 · References 1

CNNVD
added 2024/03/20 12:0 a.m. · 3 views

WordPress Plugin Coming Soon & Maintenance Mode by Colorlib Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.3 · AI score 6.1 · EPSS 0.00533
Exploits 0 · References 3

OSV
added 2024/03/13 4:15 p.m. · 1 view

CVE-2024-0687

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...

CVSS 5.3 · AI score 7.3 · EPSS 0.00546
Exploits 0 · References 2

BDU FSTEC
added 2024/03/13 12:0 a.m. · 5 views

The vulnerability of the application programming interface of the Grafana data visualization web tool allows a perpetrator to gain unauthorized access to limited functions.

The vulnerability of the application programming interface of the Grafana data visualization web tool is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to limited functions...

CVSS 8 · AI score 6.9 · EPSS 0.00802
Exploits 0 · References 4 · Affected Software 2

PyPA
added 2024/02/29 11:15 a.m. · 38 views

PYSEC-2024-245

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

CVSS 5.9 · AI score 6.9 · EPSS 0.00343
Exploits 0 · References 6 · Affected Software 1

CNNVD
added 2024/02/29 12:0 a.m. · 3 views

ATSUMI Electric OET-213H-BTS1 Security Vulnerability

The ATSUMI Electric OET-213H-BTS1 is a temperature detection device from ATSUMI Electric. ATSUMI Electric OET-213H-BTS1 suffers from a security vulnerability that originates from allowing an unauthenticated attacker to execute the API...

CVSS 8.3 · AI score 7.1 · EPSS 0.00333
Exploits 0 · References 5