SUSE CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
Insecure Configuration Injection
flowise is vulnerable to insecure configuration injection. The vulnerability is due to insufficient protection and lack of secure default settings for the overrideConfig option, which allows developers to inject configuration into the Chainflow during execution...
Sensitive Information Exposure
filament/actions is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure default configuration, specifically setting the public disk as the default storage disk, which allows sensitive files, such as exports, to be stored in a location that is publicly accessible,...
CVE-2024-52289
This CVE concerns authentik, an open-source identity provider. In the OAuth2 provider, Redirect URIs are validated by a RegEx comparison. If no Redirect URIs are configured for a provider, authentik can automatically treat the first received redirect_uri as allowed, without escaping RegEx-special...
CVE-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs
authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping...
CVE-2024-10315
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...
CVE-2024-10315 Insecure Configuration in Gliffy Online
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...
CVE-2024-10315
CVE-2024-10315 concerns an insecure configuration in Gliffy Online. Multiple sources in the connected set confirm affected software as Gliffy Online with versions prior to 4.14.0-6. The root cause identified is an insecure configuration in these versions, as reported by Alpha Inferno PVT LTD. Acr...
Perforce Gliffy Security Vulnerability
Perforce Gliffy is a Perforce software for charting via HTML5 cloud-based applications. A security vulnerability exists in Perforce Gliffy versions prior to 4.14.0-6 that stems from an insecure configuration...
PT-2024-16182 · Unknown · Gliffy Online
Name of the Vulnerable Software and Affected Versions: Gliffy Online versions prior to 4.14.0-6 Description: An insecure configuration was discovered in Gliffy Online. The issue was reported by Alpha Inferno PVT LTD. Recommendations: For versions prior to 4.14.0-6, update to version 4.14.0-6 or...
CLSA-2024-1729627812 Fix CVE(s): CVE-2024-8927
SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.force_redirect configuration - CVE-2024-8927...
PT-2024-39895 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to privilege escalation due to the insecure 'administrator' default value for the default user role option. This allows unauthenticated...
CVE-2024-45735
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration an...
Cross-Site Scripting (XSS)
CKEditor 5 is vulnerable to a Cross-Site Scripting (XSS). The vulnerability is due to Insecure Editor Configuration and lack of Input Sanitization in the CKEditor 5 clipboard package, which allows an attacker to insert malicious content into the editor when the General HTML Support or HTML Embed...
Infinera Transcend Network Management System Security Vulnerability
Infinera Transcend Network Management System (Infinera TNMS) is a powerful element, network, and service management system from Infinera USA. A security vulnerability exists in Infinera Transcend Network Management System version 19.10.3, which stems from an insecure default configuration of the...
CVE-2024-25659
Infinera TNMS (Transcend Network Management System) version 19.10.3 is affected by an insecure default configuration of the internal SFTP server on Linux, which can allow a remote attacker to access files and directories outside the SFTP user home directory. The CVE-2024-25659 entry notes a netwo...
CVE-2024-8258
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration...
CVE-2024-8258 Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration...