CVE-2025-1385

The CVE-2025-1385 vulnerability affects ClickHouse when the library_bridge feature is enabled and exposes an HTTP API on localhost (default port 9019). This configuration allows the ClickHouse server to dynamically load a library from a path and execute it in an isolated process, which, combined ...

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

ClickHouse 安全漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that stems from an HTTP API exposure that could lead to arbitrary code execution...

CVE-2022-32510

An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API...

Azure Linux 3.0 Security Update: rabbitmq-server (CVE-2023-46118)

The version of rabbitmq-server installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46118 advisory. - RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP reque...

CVE-2024-21855

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-49375

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

CVE-2024-49375

CVE-2024-49375 affects Rasa (Open Source and Pro). Remote Code Execution is possible when a malicious model is loaded into a Rasa instance via the HTTP API, with API enabled (--enable-api) and depending on authentication configuration. Unauthenticated RCE requires no auth and is more severe; auth...

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

CVE-2024-42179 HCL MyXalytics is affected by sensitive information disclosure vulnerability

HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version...

CVE-2024-42179 HCL MyXalytics is affected by sensitive information disclosure vulnerability

HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version...

PT-2025-2626 · Microsoft +1 · Microsoft-Httpapi +1

The vulnerable software is HCL MyXalytics. It is affected by a sensitive information disclosure vulnerability, where the HTTP response header exposes the server's name and version as Microsoft-HTTP API/2.0. This vulnerability is identified as CVE-2024-42179. The vulnerability allows attackers to...

Fixed in ClickHouse v25.1.5.5, 2025-01-05​

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVE-2024-5722

Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this...

CVE-2024-5719

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5720

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5721

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...

CVE-2024-5717

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5718

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...