ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from SQL injection when a user searches a REST API endpoint...

The vulnerability of the application programming interface of the interactive data analysis, visualization, and Jupyter Server document creation software allows a perpetrator to gain access to confidential information.

The vulnerability of the application programming interface of the interactive data analysis, visualization, and Jupyter Server document creation software is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a perpetrator to trigger a service failure.

The vulnerability of the APIX application programming interface for the AXIS OS operating system is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

CVE-2023-49241

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...

The vulnerability of the application programming interface of the WordPress website management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the WordPress website content management system’s application interface is related to insufficient protection of sensitive data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information...

Zulip security vulnerability

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.5 that stems from the fact that an active user who previously subscrib...

CVE-2023-36553

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to...

Click Studios Passwordstate Security Breach

Click Studios Passwordstate passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...

UBUNTU-CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

Lenovo XClarity Controller SQL Injection Vulnerability

Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. Lenovo XClarity Controller suffers from a SQL injection vulnerability that originates from an authenticated XCC user with elevated...

Apache Airflow 信息泄露漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...

The vulnerability of the application programming interface of the Oracle Enterprise Command Center Framework, a system for automating business operations in enterprises, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application software interface implementation of the Oracle Enterprise Command Center Framework of the Oracle E-Business Suite system for enterprise automation activities is related to insufficient verification of input data. Exploiting this vulnerability can allow an...

CVE-2023-43118

Cross Site Request Forgery CSRF vulnerability in Chalet application in Extreme Networks Switch Engine EXOS before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API...

Fortinet FortiEDR 代码问题漏洞

Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet. Fortinet FortiEDR suffers from an Access Control Error vulnerability that stems from insufficient handling of session expiration times, which can be exploited by an attacker to execute unauthorized code or...

PT-2023-29102 · Unknown · Fwk-Display

Name of the Vulnerable Software and Affected Versions: Fwk-Display module affected versions not specified Description: The issue concerns an API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally...

CVE-2023-34992

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

PT-2023-6001 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: FortiSIEM versions 6.4.0 through 6.4.2 FortiSIEM versions 6.5.0 through 6.5.1 FortiSIEM versions 6.6.0 through 6.6.3 FortiSIEM versions 6.7.0 through 6.7.5 FortiSIEM version 7.0.0 Description: The issue is related to an improper neutralizatio...

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...