CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

PT-2023-24494 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Provider Accounts function, specifically at the /circuits/provider-accounts/ API endpoint, allowing attackers to execute arbitrary web scripts or...

PT-2023-18901 · Ciq Api · Ciq Api

Name of the Vulnerable Software and Affected Versions: CIQ API versions 2.2.0 through 4.1.7 Description: The Toybox.Ant.BurstPayload.add API method suffers from a type confusion issue, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted...

Connect IQ 安全漏洞

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ suffers from a security vulnerability that stems from an unvalidated API function parameter that results in a buffer...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...

bumsys 安全漏洞

bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an api processing endpoint that is allowed to contain local files that can be used to cause remote code...

Lenovo XClarity Controller 安全漏洞

Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller that stems from the possibility that a valid, authenticated user with...

CVE-2022-31647

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...

PYSEC-2023-22

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

Mozilla: Memory Corruption in Safe Browsing Code

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...

Mozilla: Memory Corruption in Safe Browsing Code

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from a broken access control under /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings,...

Why Shadow APIs are More Dangerous than You Think

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface API that isn't officially documented or supported. Contrary...

CVE-2023-1749

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...

Directus 资源管理错误漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in the Directus API version v.2.2.0. A remote attacker could exploit this vulnerability to cause a denial of service via a large number of HTTP requests to the system...

Nextcloud 信息泄露漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud that stems from a user being able to obtain the full data directory path to the Nextcloud serve...

PT-2023-21996 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.0 through 24.0.6 Nextcloud Server versions 25.0.0 through 25.0.4 Nextcloud Enterprise Server versions 23.0.0 through 23.0.11 Nextcloud Enterprise Server versions 24.0.0 through 24.0.6 Nextcloud Enterprise Server...

PT-2023-2330 · Rocket · Universe +1

Name of the Vulnerable Software and Affected Versions: Rocket Software UniData versions prior to 8.2.4 build 3003 Rocket Software UniVerse versions prior to 11.3.5 build 1001 Rocket Software UniVerse versions prior to 12.2.1 build 2002 Description: The issue is related to a buffer overflow in an...

PT-2023-13975 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 0.5.0 through 2.4.12 Argo CD versions 2.5.0 through 2.5.15 Argo CD versions 2.6.0 through 2.6.6 Description: An access control issue in Argo CD allows unauthorized users to enumerate existing applications by inspecting API...

MEGAFEIS DBD+ 安全漏洞

MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4, which stems from a vulnerability that allows an attacker to unlock the model without authorization via arbitrary API requests...