499 matches found
SAP Application Interface Framework Code Injection Vulnerability
SAP Application Interface Framework (SAP AIF) is an application interface framework from SAP. A code injection vulnerability exists in the SAP Application Interface Framework File Adapter, which can be exploited to allow an elevated-privilege user to traverse layers and directly execute operating...
A vulnerability in the API of the PAN-OS operating system allows an attacker to execute arbitrary code.
The vulnerability in the API of the PAN-OS operating system is caused by improper neutralization of special elements used in operating system commands (OS command injection). Exploitation allows a remote attacker to execute arbitrary code...
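The weakness named in this entry, special elements in user input reaching an operating system command unneutralized, is easiest to see beside its fix. The following is an added example, not code from PAN-OS or from the advisory: a hypothetical API handler that pings a caller-supplied host, first in the vulnerable form (input spliced into a shell command line) and then hardened (strict allowlist validation, argv passed as a list so no shell ever parses the value). The `ping` wrapper, the hostname allowlist and the attacker input are all constructed for the illustration.

```python
import re
import subprocess

# Allowlist for a hostname or IPv4 literal: dot-separated labels of letters, digits
# and hyphens, no label starting or ending with "-". Because no label may start with
# "-", a value such as "-c" or "--help" cannot be smuggled in as a ping option either.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: the caller's value is spliced into a command line that is
    later handed to /bin/sh (e.g. subprocess.run(cmd, shell=True)). Every shell
    metacharacter in `host` (; | & $( ) ` newline) is interpreted by the shell."""
    return f"ping -c 1 {host}"


def build_command_safe(host: str) -> list[str]:
    """Hardened pattern: reject anything outside the allowlist, then return argv as a
    list so the value reaches execve() as one argument and no shell parses it."""
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Run the hardened command. shell=False is the default, so even a value that
    slipped past validation would reach ping as a literal argument, not the shell."""
    proc = subprocess.run(build_command_safe(host), capture_output=True, check=False)
    return proc.returncode


if __name__ == "__main__":
    payload = "8.8.8.8; id"  # constructed attacker input
    print("unsafe command line:", build_command_unsafe(payload))
    try:
        build_command_safe(payload)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("hardened argv:", build_command_safe("example.com"))
```

Two points matter in practice: validation alone is not enough if the validated value still goes through `shell=True`, and argv-as-list alone is not enough if the value can start with `-` and be read by the target program as an option. The allowlist closes the second gap; passing a list closes the first.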
SUSE CVE-2023-6866
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox 121...
PT-2023-9220 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.9 and 27.1.4 Nextcloud Enterprise Server versions prior to 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 Description: The issue is related to Nextcloud Server, an open source cloud platform, wher...
PT-2023-35649 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue was identified, potentially causing a crash. The crash occurs in the ih264d format convert function, which is called by isvc...
PT-2023-32558 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: The issue is related to missing access permissions checks in the M-Files server, allowing attackers to perform data write and export jobs using the M-Files API methods...
PT-2023-12331 · Unknown · Fleet Server
Name of the Vulnerable Software and Affected Versions: Fleet-Server affected versions not specified Description: An issue was found with how API keys are created with the Fleet-Server service account, allowing a compromised Fleet-Server service account to potentially escalate themselves to a...
CVE-2023-45624
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft AP daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point...
WordPress Plugin Contact Form to Any API SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; the platform supports personal blog sites on PHP and MySQL servers. Contact Form to Any API is a WordPress plugin. A SQL injection vulnerability exists in the...
CVE-2023-45317
The application interface allows users to perform certain actions via HTTP requests without validating that those requests were intentionally issued by the user (Cross-Site Request Forgery). This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site...
CVE-2023-45317
CVE-2023-45317 concerns Sielco Radio Link and Analog FM Transmitters. The issue is a Cross-Site Request Forgery where HTTP requests may be accepted without proper validation, potentially allowing an authenticated user to perform administrative actions by visiting a malicious site. The affected pr...
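Both entries for CVE-2023-45317 describe the same mechanism: a state-changing HTTP request is accepted on the strength of the session cookie alone, which the victim's browser attaches automatically to a request submitted from an attacker's page. The following is an added example, not code from the Sielco firmware or from either advisory: a minimal request handler in the vulnerable form beside a hardened one that adds an Origin/Referer check and a session-bound synchronizer token. The origin `https://transmitter.example`, the session store, the password-change action and both sample requests are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed deployment origin of the device's web interface (hypothetical).
SERVER_ORIGIN = "https://transmitter.example"

# Constructed server state: one logged-in administrator session and a per-process
# key used to derive session-bound anti-CSRF tokens.
_TOKEN_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-admin-1": {"user": "admin"}}


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session; rendered into the legitimate form."""
    return hmac.new(_TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def handle_vulnerable(req: dict) -> tuple[int, str]:
    """Pattern described in the advisory: the only check is a valid session cookie,
    which the victim's browser attaches to a cross-site form POST automatically."""
    sess = SESSIONS.get(req["cookies"].get("session", ""))
    if sess is None:
        return 401, "not logged in"
    if req["method"] != "POST":
        return 405, "method not allowed"
    return 200, f"admin password changed by {sess['user']}"


def handle_hardened(req: dict) -> tuple[int, str]:
    """Same action, with two independent checks a cross-site page cannot satisfy."""
    session_id = req["cookies"].get("session", "")
    sess = SESSIONS.get(session_id)
    if sess is None:
        return 401, "not logged in"
    if req["method"] != "POST":
        return 405, "method not allowed"
    # 1. Origin (or, failing that, Referer) must name this site. The browser sets these
    #    headers itself and a cross-site page cannot forge them; absent both, fail closed.
    source = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not source or _origin_of(source) != SERVER_ORIGIN:
        return 403, "cross-site request rejected"
    # 2. The form must carry the session-bound token, which the attacker's page never
    #    saw because it is only rendered into same-origin responses. Constant-time compare.
    if not hmac.compare_digest(req["form"].get("csrf_token", ""), csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    return 200, f"admin password changed by {sess['user']}"


# Constructed traffic. The browser adds the session cookie to both requests.
LEGIT_REQUEST = {
    "method": "POST",
    "headers": {"Origin": SERVER_ORIGIN},
    "cookies": {"session": "sess-admin-1"},
    "form": {"new_password": "N3w!", "csrf_token": csrf_token("sess-admin-1")},
}
FORGED_REQUEST = {  # auto-submitted <form> on a page the logged-in admin was lured to
    "method": "POST",
    "headers": {"Origin": "https://attacker.example"},
    "cookies": {"session": "sess-admin-1"},
    "form": {"new_password": "pwned"},
}

if __name__ == "__main__":
    print("vulnerable, forged:", handle_vulnerable(FORGED_REQUEST))
    print("hardened,  forged:", handle_hardened(FORGED_REQUEST))
    print("hardened,  legit :", handle_hardened(LEGIT_REQUEST))
```

The token check is the primary control; the Origin/Referer check is defence in depth, and failing closed when both headers are absent can reject some privacy-configured clients, which is the trade-off to weigh. Marking the session cookie `SameSite=Lax` or `Strict` adds a third layer that the server code above does not depend on.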
A vulnerability in the SolarWinds Access Rights Manager API allows an attacker to execute arbitrary code.
The vulnerability in the SolarWinds Access Rights Manager API is caused by deserialization of untrusted data. Exploitation allows a remote attacker to execute arbitrary code over TCP port 443...
CVE-2023-33303
An insufficient session expiration vulnerability in Fortinet FortiEDR versions 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API requests...
Fortinet FortiSIEM Operating System Command Injection Vulnerability
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. Fortinet FortiSIEM is vulnerable to an operating system command injection...
PT-2023-23657 · Neuvector · Neuvector
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.2.2 Description: A user can reverse engineer the JSON Web Token (JWT) used in authentication for Manager and API access, forging a valid NeuVector token to perform malicious activity in NeuVector, potentially leadi...
PT-2023-32048 · Field Logic · Field Logic Datacube4
Name of the Vulnerable Software and Affected Versions: Field Logic DataCube4 up to 20231001 Description: A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be...
PT-2023-5521 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center affected versions not specified Description: A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected devic...
PT-2023-6822 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to information disclosure in the GLPI system. Exploitation of this issue may allow a remote attacker to disclose protected information. An API user can enumerate sensitive field...
A vulnerability in the API of Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, is caused by improper authentication and allows an attacker to bypass established access controls.
The vulnerability in the API of Argo CD, the declarative GitOps continuous delivery tool for Kubernetes, is related to improper authentication. Exploitation allows an attacker to bypass established access controls...
Undefined Behavior for Input to API in Mutt
...