1746 matches found
GHSA-PCWP-26PW-J98W CometVisu Backend for openHAB has a path traversal vulnerability
openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. Impact This...
CometVisu Backend for openHAB has a path traversal vulnerability
openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. Impact This...
Server-side Request Forgery (SSRF)
org.apache.streampipes: streampipes-rest is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to improper validation of custom endpoints during the installation process of a pipeline elements, allowing an attacker to manipulate StreamPipes into sending HTTP GET requests to...
CVE-2024-31979
Server-Side Request Forgery SSRF vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...
CVE-2024-6746
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
CVE-2024-6746
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
CVE-2024-6746 NaiboWang EasySpider HTTP GET Request server.js path traversal
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
CVE-2024-6746 NaiboWang EasySpider HTTP GET Request server.js path traversal
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
CVE-2024-6746
NaiboWang EasySpider 0.6.2 on Windows has a path-traversal vulnerability in the HTTP GET Request Handler (server.js) that allows reading arbitrary Windows files via input like /../../../../../../../../../Windows/win.ini. Exploitation is possible within a local network, and public disclosure has o...
GHSA-53Q7-4874-24QG Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...
CVE-2024-31223
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Paradox IP150 Internet Module Cross-Site Request Forgery Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01ParadoxCrossSiteRequestForgery Vulnerability Overview The Paradox IP150 Internet Module in version 1.40.00 i...
CVE-2024-37654
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
PT-2024-20212 · Silicon · Gecko Os
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. No authentication is required to exploit this issue...
CVE-2024-37654
CVE-2024-37654 affects BAS-IP AV-01D/AV-01MD/AV-01MFD/AV-01ED/AV-01KD/AV-01BD/AV-01KBD/AV-02D/AV-02IDE/AV-02IDR/AV-02IPD/AV-02FDE/AV-02FDR/AV-03D/AV-03BD/AV-04AFD/AV-04ASD/AV-04FD/AV-04SD/AV-05FD/AV-05SD/AA-07BD/AA-07BDI/BA-04BD/BA-04MD/BA-08BD/BA-08MD/BA-12BD/BA-12MD/CR-02BD before version 3.9.2...
CVE-2024-37654
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...