Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
Summary: nuxt/icon provides an API to allow client-side icon lookup. This endpoint is at /api/nuxticon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure...
CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2024-34684
CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...
PT-2024-26104 · SAP · SAP BusinessObjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Scheduling, affected versions not specified. Description: The issue allows an authenticated attacker with administrator access on the local server to access the password of a local account. Thi...
CVE-2023-49234
An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server...
CVE-2023-49234
Stilog Visual Planning 8 is affected by an XXE vulnerability. An authenticated attacker can exploit XML parser weaknesses to read arbitrary files on the application server and exfiltrate data to an external server. According to Schutzwerk, all versions prior to Visual Planning 8 (Build 240207) ar...
SUSE CVE-2024-1727
A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete...
My Cloud Multiple Products Code Issue Vulnerability
Western Digital My Cloud and others are products of Western Digital, Inc. Western Digital My Cloud is a personal cloud storage device. Western Digital My Cloud Home is an easy-to-use personal cloud storage device. Western Digital My Cloud Home Duo is an easy-to-use personal cloud storage...
Fedir Tsapana Simple HTTP Server PLUS Trust Management Issues Vulnerability
Fedir Tsapana Simple HTTP Server PLUS is an application from Fedir Tsapana that allows you to run small local HTTP servers with static content. A trust management issue vulnerability exists in Fedir Tsapana Simple HTTP Server PLUS version 1.8.1-plus and prior versions, which stems from the...
Directory traversal
The Wrangler command line tool was affected by a directory traversal vulnerability when running a local development server for Pages (the wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local...
Cloudflare Wrangler Path Traversal Vulnerability
Cloudflare Wrangler is a repository from Cloudflare, Inc. A path traversal vulnerability exists in Wrangler versions prior to 3.1.1, which stems from a directory traversal vulnerability when running the local development server for Pages (the wrangler pages dev command), which can be exploited by a...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user-defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36609
CVE-2023-36609 affects Ovarro TBox RTUs where OpenVPN runs with root privileges and can execute user-defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script to the TBox host to gain root privileges. Mitigation from CISA/EU/NVD references: update ...
Ovarro TBox RTUs Security Vulnerability
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. The Ovarro TBox RTUs suffers from a security vulnerability that originates from running OpenVPN with root privileges and the ability to run user-defined configuration scripts, which allows an attacker to...
SUSE CVE-2023-1521
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package, https://snapcraft.io/sccache), this means a user...
PT-2023-24275 · Kaios · Kaios
Name of the Vulnerable Software and Affected Versions: KaiOS versions 3.0 through 3.0. Description: An issue was discovered in the /system/bin/tctweb server binary, which exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and...
DEBIAN-CVE-2021-44476
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files...