Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...

GHSA-535G-62R7-CX6V Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...

EUVD-2023-2812

Malicious code in bioql PyPI...

Kibana 8.16.4 and 8.17.2 Security Update (ESA-2025-02)

Kibana Prototype Pollution can lead to code injection ESA-2025-02 Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. Affected Versions: Kibana versions 8.16.1 up to and including 8.16.3, and 8.17.0 up to and including 8.17.1 Solutio...

SUSE-SU-2024:4360-1 Security update for docker

This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...

PT-2024-7785 · Palo Alto Networks +1 · Cortex Xsiam +2

Name of the Vulnerable Software and Affected Versions: Cortex XSOAR and Cortex XSIAM affected versions not specified Description: The issue is related to the storage of protected information in an unencrypted form in the ActiveMQ message broker integration. This could allow a remote attacker to...

PT-2024-6371 · Mindsdb +1 · Mindsdb +1

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Weaviate integration is installed on the server. If a specially crafted SELECT WHERE clause containing Python code is run against a...

PT-2024-6370 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.5.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, a specially crafted...

PT-2023-10697 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x before 11.2.4, 11.3.x before 11.3.1 Description: The issue is related to Server-Side Request Forgery SSRF via the Kubernetes integration. This can lead to the...