CVE-2024-56084
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution...
ROS-20241216-07
A vulnerability in the asynchronous client and server implementation of the SSHv2 protocol on top of Python python-asyncssh is related to a lack of data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to control a remote SSH client session by injecting ...
CVE-2024-12553 GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest...
CVE-2023-41848
Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Carousel Slider: from n/a through 2.2.2...
CVE-2023-37967 WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through 3.6.2...
PT-2024-12133 · Unknown · Total Theme
Name of the Vulnerable Software and Affected Versions: Total versions prior to 2.1.19 Description: The issue allows authenticated users to activate arbitrary plugins due to missing authorization, exploiting incorrectly configured access control security levels. Recommendations: Update to Total...
CVE-2024-55886
The CVE affects OpenSearch Data Prepper (OpenTelemetry Logs source) where custom GrpcAuthenticationProvider plugins that implement getHttpAuthenticationService() instead of getAuthenticationInterceptor() fail to perform authentication, allowing unauthorized data ingestion. Affected versions: 2.1....
CVE-2024-45494
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected...
CVE-2024-54151
Directus vulnerability CVE-2024-54151 affects Directus real-time API/admin dashboard. From version 11.0.0 up to, but not including, 11.3.0, configuring WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public" allows unauthenticated users to perform any supported operations (CRUD, subscriptions...
PT-2024-9749
Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.23.7 Description: The issue is related to the getWindowsIEEE8021x function in the systeminformation library for node.js, where SSIDs are not sanitized before being passed as a parameter to cmd.exe. This...
CVE-2024-11457
The CVE-2024-11457 vulnerability affects the WordPress plugin Feedpress Generator – External RSS Frontend Customizer (
Keycloak < 24.0.9, 25.0.x < 26.0.6 Multiple Vulnerabilities
Keycloak versions installed prior to 24.0.9, 25.0 prior to 26.0.6 are affected by multiple vulnerabilities as referenced in the advisory. - Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on...
GHSA-H36C-M3RF-34H9 Access to Archived Argo Workflows with Fake Token in `client` mode
Summary When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name When using --auth-mode=sso, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint:...
PT-2024-35960
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.5.7 through 3.5.8 Description: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, archived workflows can be retrieved with ...
Symfony Security Vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony version v7.0.7, which stems from a failure to adequately handle a login request with a null username or password field, which could result...
CVE-2024-45756
An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with...
PT-2024-19096 · Gocast · Gocast
Name of the Vulnerable Software and Affected Versions: GoCast version 1.1.3 Description: A lack of authentication issue exists in the HTTP API functionality, allowing a specially crafted HTTP request to lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to...
Apache Tomcat 9.0.0-M1 < 9.0.96 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities: - If Tomcat was configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component whi...
Fortinet FortiClient Data Forgery Issue Vulnerability (CNVD-2024-49647)
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. The Fortinet FortiClient is vulnerable to a data forgery...