SUSE CVE-2025-6227
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
SUSE CVE-2025-24391
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X, OTRS 8.0.X, OTRS 2023....
OTRS Security Vulnerability
OTRS is a service management solution from OTRS Germany. A security vulnerability exists in OTRS that stems from an external interface that allows the inference of user account presence, which could lead to the identification of valid email addresses. The following versions are affected: version...
CVE-2023-26317
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient access control mechanisms implemented in the external API for quiz overrides. Remediation: Upgrade moodle/moodle to version 4.4.2 or higher. References -...
SUSE CVE-2024-6540
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2024-6540
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2024-6540 Information exposure in external interface
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2024-6540
CVE-2024-6540 affects OTRS where the export function in the external-ticket-overview can disclose ticket-level data. The root cause is improper filtering of fields during export when the TicketSearchLegacyEngine is disabled by an admin, allowing an authorized user to download a list of tickets co...
PT-2024-37700 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 2024.4.x OTRS version 2023.X Description: The issue is related to improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS. This could allow an authorized...
The vulnerability of the update_form() function in the Admin Bar Editor plugin of the WordPress content management system allows a hacker to enable or disable the administrator panel on the website’s external interface.
The vulnerability of the update_form() function in the Admin Bar Editor plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to enable or disable the administrator panel on the website’s...
CVE-2023-7060
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 or the destination address...
Zephyr Security Breach
Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr that stems from the inability to properly drop IP packets arriving at an external interface with source address 127.0.0.1 or destination address...
PT-2024-15189 · Zephyr Os · Zephyr Os
Name of the Vulnerable Software and Affected Versions: Zephyr OS affected versions not specified Description: The issue concerns the handling of IP packets in Zephyr OS. Specifically, it does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 o...
CVE-2023-6254
A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37...
UBUNTU-CVE-2023-6254
A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37...
PT-2023-32579 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 8.0.37 Description: A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords, which are sent back to the client in the server response. Recommendations: For OTRS...
Xiaomi Router Command Injection Vulnerability
Xiaomi Router is a series of wireless routers from the Chinese company Xiaomi. A command injection vulnerability exists in Xiaomi Router. The vulnerability is due to insufficient screening of responses returned from an external interface. An attacker could use this vulnerability to gain privilege...
Xiaomi router command injection vulnerability (CNVD-2025-06298)
Xiaomi router is a series of wireless routers from the Chinese company Xiaomi. Xiaomi routers suffer from a command injection vulnerability that stems from insufficient filtering of responses returned by the external interface, which can be exploited by an attacker to gain privileges by hijacking...