45 matches found
CVE-2025-37173 Improper Input Handling Vulnerability in Authenticated Configuration API Endpoint (AOS-10/AOS-8 Web UI)
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected...
EUVD-2025-20404
Malicious code in bioql PyPI...
EUVD-2025-20964
Malicious code in bioql PyPI...
CVE-2021-46006
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...
GO-2022-0491 Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go...
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions ...
CVE-2022-23536
A local file inclusion vulnerability exists in Cortex. This issue could allow a malicious actor to remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API...
Cortex's Alertmanager can expose local files content via specially crafted config
Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...
The vulnerability of the EdgeXFoundry IoT platform’s /api/v2/config component allows attackers to disclose sensitive information and increase their privileges.
The vulnerability of the /api/v2/config component in the EdgeXFoundry IoT platform’s configuration settings is related to lack of access control. Exploiting this vulnerability could allow attackers to disclose sensitive information and enhance their privileges...
GHSA-G63H-Q855-VP3Q Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...
CVE-2022-31066 Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...
OPENSUSE-SU-2021:0825-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 91.0.4472.77 boo1186458: Support Managed configuration API for Web Applications WebOTP API: cross-origin iframe support CSS custom counter styles Support JSON Modules Clipboard: read-only files support Remove webkitBeforeTextInserted &...
CVE-2018-19854
An issue was discovered in the Linux kernel in the cryptoreportone and related functions in the crypto/cryptouser.c the crypto user configuration API which do not fully initialize structures that are copied to userspace, potentially leaking sensitive kernel memory content to a userspace...
dnsFookup - DNS Rebinding Toolkit
DNS Rebinding freamwork containing: a dns server obviously web api to create new subdomains and control the dns server, view logs, stuff like that shitty react app to make it even more comfy What does it do? It lets you create dns bins like a burp collaborator but it adds a bit more features... a...
GHSA-WW97-9W65-2CRX Improper Input Validation in Apache Solr
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
Improper Input Validation in Apache Solr
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...