The vulnerability of the application software interface of Rockwell Automation’s PowerMonitor 1000 device for monitoring and controlling electrical networks allows a perpetrator to gain full access to the device.
The vulnerability of the application software interface of Rockwell Automation’s PowerMonitor 1000 monitoring and control device lies in the ability to create a privileged user bypassing the authentication mechanism. Exploiting this vulnerability could allow an intruder to gain full access to the...
ThreatQuotient ThreatQ Security Vulnerability
ThreatQuotient ThreatQ is a threat intelligence platform from ThreatQuotient, Inc. A security vulnerability exists in ThreatQuotient ThreatQ versions prior to 5.29.3 that originates from an authenticated user being able to execute arbitrary commands by sending a crafted request to an API endpoint...
Chunghwa Telecom topm-client Security Vulnerability
Chunghwa Telecom topm-client is an application from Chunghwa Telecom Taiwan, China. A security vulnerability exists in Chunghwa Telecom topm-client versions 0.3.14 through 0.3.17, which stems from the presence of arbitrary file reading and lack of CSRF protection, as well as a relative path...
Teltonika RUTOS Security Vulnerability
Teltonika RUTOS is an OpenWrt-based unified operating system from Teltonika. A security vulnerability exists in Teltonika RUTOS that stems from incorrect privilege handling. A lower-privileged attacker with default privileges can exploit the vulnerability to access critical device resources via...
Pad Credit Card Info to Protect Customers' Wallets
We take a look at a recently-assessed API, to see how it avoided the problem that helped the Allies beat the Axis powers in World War II...
The vulnerability of the application software interface of the Cisco Unified Computing System’s servers—Cisco UCS B-Series, Managed C-Series, and X-Series—is related to the failure to implement measures to neutralize specific elements. This allows attackers to execute arbitrary code and elevate their privileges to the root level.
The vulnerability of the application software interface of the Cisco Unified Computing System’s servers—Cisco UCS B-Series, Managed C-Series, and X-Series—is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute...
PT-2024-9481 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier. Description: The issue exists due to the lack of neutralization of special elements us...
The vulnerability of the Device OAuth protocol implementation on the software platform based on git for collaborative code development in GitLab EE/CE allows a perpetrator to gain unauthorized access to the API.
The vulnerability of the Device OAuth protocol implementation on the software platform based on Git for collaborative code development in GitLab EE/CE is related to an incorrect restriction on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor,...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that stems from the fact that after setting up user- or administrator-defined external storage...
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) allows an attacker to access the internal database.
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller NDFC relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database by sending...
Brokerage Aero Security Vulnerability
Brokerage Aero is a frontend product from Brokerage, Inc. A security vulnerability exists in versions prior to Brokerage Aero 120820241550 that stems from an incorrect implementation of the OTP authentication mechanism in the API endpoint, which allows an attacker to bypass OTP authentication to...
Brokerage Wave Security Vulnerability
Brokerage Wave is a frontend product from Brokerage, Inc. A security vulnerability exists in Brokerage Wave version 2.0 that stems from a lack of authorization checking on certain API endpoints and could allow a remote attacker to manipulate the parameter userid via the API request URL to...
The vulnerability of the application software interface of the operating system PAN-OS allows a perpetrator to enhance their privileges.
The vulnerability of the application programming interface of the PAN-OS operating system is related to insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
MangoOS Security Vulnerability
MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.1.4 and Mango API versions prior to 4.5.5, which originates from an arbitrary file upload and allows attackers to execute arbitrary code via a...
ZimaOS Information Disclosure Vulnerability
ZimaOS is an open source operating system project from IceWhaleTech that aims to provide a lightweight, high-performance, secure operating system environment. An information disclosure vulnerability previously existed in ZimaOS version 1.2.4, which stemmed from an API endpoint in ZimaOS that woul...
PT-2024-33279 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue concerns improper input validation in the ZimaOS API endpoint http:///v3/file?token=&files=, allowing authenticated users to read sensitive system files by manipulating the files...
Foreman Information Disclosure Vulnerability
Foreman is an open source set of lifecycle management tools, from the Foreman project, for physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An information disclosure vulnerability exists in versions prior to Foreman 3.3, whi...
CVE-2024-47653
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...
The vulnerability of the application software interface of the backup and recovery software for Veeam Service Provider Console (VSPC) for remote and cloud customers allows a perpetrator to execute arbitrary code.
The vulnerability of the application software interface for data backup and restoration solutions for Veeam Service Provider Console VSPC remote and cloud customers is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...