PT-2023-20640 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from custom log-in and log-out locations defined as jslob, which were not checked for malicious protocol handlers. This oversight allow...

PT-2023-20643 · Unknown · Ox Count Web Service

Name of the Vulnerable Software and Affected Versions: OX Count web service affected versions not specified Description: The issue arises from the OX Count web service not specifying a media-type when processing responses from external resources. This allows malicious script code to be executed...

SteelSeries GG 路径遍历漏洞

SteelSeries GG is an all-in-one gaming platform from Danish company SteelSeries. It bundles powerful gaming applications into an easy-to-use interface. A path traversal vulnerability exists in SteelSeries GG version 36.0.0, which can be exploited by an attacker to create a sub-application via an...

Oracle Java SE 安全漏洞

Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation.Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM is a set of on-the-fly compilers written in the Java language...

CVE-2023-32760

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication...

Archer Platform 安全漏洞

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.13 that stems from a vulnerability that allows an authenticated attacker to gain access to sensitive information through API calls related to da...

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

OSNEXUS QuantaStor 操作系统命令注入漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVE-2023-36607

The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents...

IBM Cloud Pak for Security 信息泄露漏洞

IBM Cloud Pak for Security is an application from International Business Machines IBM, Inc. an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A security vulnerability exists in IBM Cloud Pak for...

CVE-2023-27243

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API...

CVE-2023-34166

Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...

CVE-2023-2907

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605...

SRS 命令注入漏洞

SRS is a simple, efficient, real-time video server from SRS open source. SRS has a command injection vulnerability , the vulnerability stems from the api-server server has a command injection vulnerability...

WordPress Plugin WooCommerce Multivendor Marketplace – REST API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin MStore API 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Broken Access Control in Alert manager: Viewer can send test alerts

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

Shop Beat Media Player 访问控制错误漏洞

Shop Beat is a media player from Shop Beat, Inc. A security vulnerability exists in Shop Beat Media Player versions 2.5.95 through 3.2.57, which originates from a login that can bypass secondary authentication by accessing the API directly with a bearer token or jsession ID...

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...