6680 matches found

OSV
added 2024/03/22 4:15 p.m., 1 view

CVE-2024-2820

A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has...

CVSS 4.3, AI score 4.8, EPSS 0.0039
Exploits 1, References 3

Vulnrichment
added 2024/03/21 11:45 a.m., 20 views

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

CVSS 6.4, AI score 8.2, EPSS 0.00499
Exploits 0, References 1

Cvelist
added 2024/03/21 11:45 a.m., 20 views

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

CVSS 6.4, AI score 7.1, EPSS 0.00499
Exploits 0, References 1

Veracode
added 2024/03/21 6:44 a.m., 23 views

Improper Input Validation

Apache Hop Engine is vulnerable to Improper Input Validation. The vulnerability is due to improper escape functionality within the "id" parameter in links written to the PrepareExecutionPipelineServlet page...

CVSS 6.5, AI score 6.8, EPSS 0.01239
Exploits 0, References 4, Affected Software 1

OSV
added 2024/03/21 2:52 a.m., 2 views

CVE-2024-27626

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

CVSS 6.1, AI score 5.8
Exploits 0, References 1

Positive Technologies
added 2024/03/21 12:0 a.m., 2 views

PT-2024-22223 · Delta Electronics +1 · Diaenergie

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from incomplete server-side verification of privileges, allowing users with limited privileges to bypass authorization and access...

CVSS 8.8, AI score 7, EPSS 0.0065
Exploits 0, References 7

RedhatCVE
added 2024/03/20 8:28 p.m., 40 views

CVE-2023-46839

PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...

CVSS 5.5, AI score 6.8, EPSS 0.00805
Exploits 0, References 4

OSV
added 2024/03/20 11:15 a.m., 32 views

CVE-2023-46839

PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...

CVSS 5.3, AI score 7.1
Exploits 0, References 3

0day.today
added 2024/03/20 12:0 a.m., 302 views

Tramyardg Autoexpress 1.3.0 Authentication Bypass Vulnerability

Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles. Exploit Title: tramyardg autoexpress - Authentication Bypass...

CVSS 9.8, AI score 7.9, EPSS 0.01277
Exploits 3

Positive Technologies
added 2024/03/20 12:0 a.m., 3 views

PT-2024-21619 · Olive Themes · Olive One Click Demo Import

Name of the Vulnerable Software and Affected Versions: Olive One Click Demo Import versions 1.1.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import, which allows importing settings and data. This can ultimately lead ...

CVSS 9.8, AI score 9.1, EPSS 0.00584
Exploits 0, References 5

Vulnrichment
added 2024/03/19 11:32 a.m., 13 views

CVE-2024-1144 Improper Access Control at Alma Devklan Blog

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials...

CVSS 6.5, AI score 7, EPSS 0.00333
Exploits 0, References 1

Cvelist
added 2024/03/15 7:30 p.m., 23 views

CVE-2023-7248 OpenText Vertica Management console might be prone to bypass via crafted requests

Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management...

CVSS 5, AI score 5.6, EPSS 0.00317
Exploits 0, References 1

Prion
added 2024/03/14 10:53 p.m., 31 views

Cross site scripting

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

AI score 6.1, EPSS 0.00429
Exploits 0, References 1

OSV
added 2024/03/14 3:15 a.m., 3 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

CVSS 4.3, AI score 5.8, EPSS 0.00395
Exploits 0, References 1

Prion
added 2024/03/14 3:15 a.m., 18 views

Improper access control

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

AI score 7.1, EPSS 0.00395
Exploits 0, References 1

Cvelist
added 2024/03/14 12:0 a.m., 13 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

AI score 6.7, EPSS 0.00395
Exploits 0, References 1

Positive Technologies
added 2024/03/14 12:0 a.m., 2 views

PT-2024-21781 · Ibm · Ibm Integration Bus For Z/Os

Name of the Vulnerable Software and Affected Versions: IBM Integration Bus for z/OS versions 10.1 through 10.1.0.3 Description: The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website...

CVSS 6.5, AI score 6.6, EPSS 0.00239
Exploits 0, References 9

Positive Technologies
added 2024/03/14 12:0 a.m., 5 views

PT-2024-21068 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea PAM Secret Server version 11.4 Description: The issue allows a user with access to the Report functionality to gain unauthorized access to remote sessions created by legitimate users. Recommendations: For Delinea PAM Secret Server...

CVSS 7.6, AI score 9.4, EPSS 0.0059
Exploits 0, References 9

CVE
added 2024/03/14 12:0 a.m., 56 views

CVE-2024-25653

Delinea PAM Secret Server 11.4 exposes a Broken Access Control in the Web UI Report functionality (Unlimited Admin Mode) that allows unprivileged users to view system reports and modify custom reports. Root cause: access control bypass within the Reports feature. Affected component: Report module...

CVSS 4.3, AI score 6.7, EPSS 0.00395
Exploits 0, References 1, Affected Software 1

Cisco
added 2024/03/13 4:0 p.m., 33 views

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

CVSS 7.4, AI score 7.3, EPSS 0.00336
Exploits 0, References 1