
499 matches found

CNNVD
added 2024/09/19 12:0 a.m. · 3 views

Apex Softcell LD Geo security vulnerability

Apex Softcell LD Geo is an application from Apex Softcell. Apex Softcell LD Geo has a security vulnerability that stems from improper validation of transaction token IDs in the API endpoint...

CVSS 8.7 · AI score 6.8 · EPSS 0.00221
Exploits 0 · References 2

OSV
added 2024/09/11 1:15 p.m. · 1 view

CVE-2024-45790

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to...

CVSS 9.8 · AI score 5.8 · EPSS 0.00548
Exploits 0 · References 1

OSV
added 2024/08/22 11:15 a.m. · 3 views

CVE-2024-35151

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 2

CNNVD
added 2024/08/02 12:0 a.m. · 3 views

Changing TCBServiSign security vulnerability

Changing TCBServiSign is a cross-platform security control component from Changing, China. A security vulnerability exists in Changing TCBServiSign versions prior to 1.0.24.0318, which stems from a specific API that does not correctly validate the length of server-side inputs, and allows an...

CVSS 4.3 · AI score 7.1 · EPSS 0.00453
Exploits 0 · References 3

CNNVD
added 2024/07/30 12:0 a.m. · 4 views

Xibo CMS SQL injection vulnerability

Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing authenticated users to obtain and modify arbitrary data from the database by injecting specially crafted values into the API...

CVSS 8.1 · AI score 7.7 · EPSS 0.00457
Exploits 0 · References 2

Patchstack
added 2024/07/04 12:1 p.m. · 2 views

WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability

Sensitive Data Exposure via API vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Tablesome versions <= 1.0.33...

CVSS 5.3 · AI score 7 · EPSS 0.00443
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/06/28 12:0 a.m. · 2 views

PT-2024-24281 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.0 LTS through 9.3 CD Description: The issue is caused by an error processing messages when an API Exit using MQBUFMH is used, leading to a denial of service attack in certain configurations. Recommendations: For IBM MQ...

CVSS 7.5 · AI score 6.6 · EPSS 0.00492
Exploits 0 · References 5

Positive Technologies
added 2024/06/24 12:0 a.m. · 3 views

PT-2024-20446

Name of the Vulnerable Software and Affected Versions: Bludit affected versions not specified Description: The issue concerns the use of predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens, such as the API token and the user token. This allows attackers to...

CVSS 8.2 · AI score 6.4 · EPSS 0.00242
Exploits 0 · References 5

Positive Technologies
added 2024/06/14 12:0 a.m. · 2 views

PT-2024-21673 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns a time-based blind XML External Entity (XXE) vulnerability in the XML parsing library used by the API endpoint of Toshiba printers. This vulnerability can be...

CVSS 5.9 · AI score 6.5 · EPSS 0.0092
Exploits 1 · References 6

OSV
added 2024/06/07 4:9 p.m. · 4 views

CVE-2024-37163 SkyScrape Secure API Requests

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0...

CVSS 6.4 · AI score 7 · EPSS 0.00168
Exploits 0 · References 3

BDU FSTEC
added 2024/06/03 12:0 a.m. · 1 view

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows an intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 8.5 · AI score 5.7 · EPSS 0.00542
Exploits 1 · References 6 · Affected Software 6

BDU FSTEC
added 2024/06/03 12:0 a.m. · 2 views

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows an intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 8.5 · AI score 5.7 · EPSS 0.00542
Exploits 1 · References 6 · Affected Software 6

BDU FSTEC
added 2024/05/31 12:0 a.m. · 2 views

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows an intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 8.5 · AI score 5.7 · EPSS 0.00489
Exploits 1 · References 6 · Affected Software 6

OSV
added 2024/05/30 4:15 p.m. · 3 views

AZL-68069 CVE-2024-36951 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api ...

CVSS 5.5 · AI score 6.7 · EPSS 0.00222
Exploits 0 · References 1

Positive Technologies
added 2024/05/29 12:0 a.m. · 2 views

PT-2024-26504 · Irontec +1 · Sngrep +1

Name of the Vulnerable Software and Affected Versions: Irontec Sngrep version 1.8.1 Description: The issue is a heap buffer overflow that can be triggered via the rtp check packet function, located at /sngrep/src/rtp.c. This allows attackers to cause a Denial of Service (DoS) by sending a crafted S...

CVSS 7.5 · AI score 7.2 · EPSS 0.00609
Exploits 1 · References 15

Positive Technologies
added 2024/05/16 12:0 a.m. · 1 view

PT-2024-7078 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.4 through 17.2.8 GitLab EE/CE versions 17.3 through 17.3.4 GitLab EE/CE versions 17.4 through 17.4.1 Description: The issue is related to errors in the representation of given functions in the GitLab platform, allowin...

CVSS 4.3 · AI score 7 · EPSS 0.00373
Exploits 1 · References 15

CNNVD
added 2024/05/15 12:0 a.m. · 1 view

Paperless-ngx security vulnerability

Paperless-ngx is a document management system from paperless-ngx open source. A security vulnerability exists in Paperless-ngx versions 2.5.0 through 2.8.6, which stems from remote user authentication allowing API access even when API access is explicitly disabled...

CVSS 5.5 · AI score 7 · EPSS 0.00494
Exploits 0 · References 5

Positive Technologies
added 2024/05/14 12:0 a.m. · 6 views

PT-2024-22285 · Phoenix Contact · Charx Sec-3100

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 affected versions not specified Description: A low privileged remote attacker can exploit a command injection vulnerability in the API, which allows remote code execution as the user-app user due to improper inp...

CVSS 5 · AI score 8.2 · EPSS 0.01265
Exploits 0 · References 4

CNNVD
added 2024/05/07 12:0 a.m. · 3 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security vulnerability exists in Apache Superset versions prior to 3.1.2, which can be exploited by an authenticated attacker to access metadata from data sources they are not authorized to vie...

CVSS 4.3 · AI score 6.5 · EPSS 0.00699
Exploits 0 · References 2

Positive Technologies
added 2024/04/30 12:0 a.m. · 4 views

PT-2024-25199 · Tvs · Tvs Connect Ios +1

Name of the Vulnerable Software and Affected Versions: TVS Connet Android versions 4.5.1 TVS Connet iOS versions 5.0.0 Description: An issue in TVS Connet allows a remote attacker to obtain sensitive information via an insecure API endpoint. Recommendations: For TVS Connet Android version 4.5.1,...

CVSS 7.5 · AI score 6.2 · EPSS 0.0075
Exploits 0 · References 8