1400 matches found

CNNVD
added 2023/03/07 12:0 a.m. · 1 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome version 111.0.5563.64, which stems from a weak policy enforcement issue in the Resource Timing component. The vulnerability allows an attacker who convinces a user to install a malicious extension to...

CVSS 4.3 · AI score 6.9 · EPSS 0.00177
Exploits 0 · References 8

CNNVD
added 2023/03/07 12:0 a.m. · 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab. The vulnerability could allow users...

CVSS 5 · AI score 5.2 · EPSS 0.00393
Exploits 0 · References 5

CNNVD
added 2023/03/07 12:0 a.m. · 1 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome versions prior to 111.0.5563.64, which stems from inadequate enforcement of timing policies. An attacker exploits the vulnerability to obtain potentially sensitive information from the API via...

CVSS 4.3 · AI score 7 · EPSS 0.00258
Exploits 0 · References 8

CNNVD
added 2023/03/07 12:0 a.m. · 1 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7. An attacker...

CVSS 4.3 · AI score 5.2 · EPSS 0.00192
Exploits 0 · References 5

CNNVD
added 2023/03/02 12:0 a.m. · 2 views

Github saleor Security Vulnerability

Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Github saleor suffers from a security vulnerability that stems from some internal exceptions that are not handled correctly...

CVSS 6.5 · AI score 5.6 · EPSS 0.00268
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 5:56 a.m. · 1 views

SUSE CVE-2010-4091

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted PDF document that triggers memory corruption,...

CVSS 9.3 · AI score 7.8 · EPSS 0.41046
Exploits 1 · References 7

SUSE CVE
added 2023/02/15 4:47 a.m. · 1 views

SUSE CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

CVSS 8.8 · AI score 7.2 · EPSS 0.00004
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 4:35 a.m. · 2 views

SUSE CVE-2017-1000388

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

CVSS 4.3 · AI score 4.8 · EPSS 0.00031
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:45 a.m. · 1 views

SUSE CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...

CVSS 6.5 · AI score 8.5 · EPSS 0.00186
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:26 a.m. · 1 views

SUSE CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 8.6 · AI score 8.8 · EPSS 0.00226
Exploits 1 · References 3

OSV
added 2023/02/09 5:15 p.m. · 2 views

CVE-2022-48302

The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 · AI score 5.8 · EPSS 0.00112
Exploits 0 · References 2

Positive Technologies
added 2023/02/03 12:0 a.m. · 4 views

PT-2023-15554 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.3.0 Description: Insufficient privilege verification allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. The issue has been corrected so that only agents with write...

CVSS 4.3 · AI score 4.6 · EPSS 0.00218
Exploits 0 · References 4

CNNVD
added 2023/02/03 12:0 a.m. · 1 views

Zammad Security Vulnerability

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version v5.3.0, which stems from insufficient privilege validation, and can be exploited by an attacker to make changes to the labels of its customers' tickets using the Zamma...

CVSS 4.3 · AI score 5.2 · EPSS 0.00218
Exploits 0 · References 3

OSV
added 2023/01/30 4:15 p.m. · 1 views

CVE-2022-26872

AMI Megarac Password reset interception via API...

CVSS 8.8 · AI score 5.8 · EPSS 0.00209
Exploits 0 · References 3

Positive Technologies
added 2023/01/30 12:0 a.m. · 3 views

PT-2023-1336 · Ami · Ami Megarac

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC affected versions not specified Description: The issue is related to insufficient password hash computation in the Redfish and API components of the AMI MegaRAC firmware. This could allow a remote attacker to gain unauthorized...

CVSS 5.3 · AI score 6.5 · EPSS 0.00174
Exploits 0 · References 8

OSV
added 2023/01/23 10:5 p.m. · 0 views

GHSA-Q764-G6FM-555V Path traversal in spotipy

Summary If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. Details The code Spotipy uses to parse URIs and URLs accepts user data too liberally which allows a malicious user to insert arbitrary characters...

CVSS 5.4 · AI score 6 · EPSS 0.00196
Exploits 1 · References 3

CNNVD
added 2023/01/18 12:0 a.m. · 1 views

API Mediation Layer Authorization Issue Vulnerability

The API Mediation Layer is an API mediation layer that provides a single access point to the Mainframe Services REST API. A security vulnerability exists in API Mediation Layer versions 1.16 through 1.19. An attacker exploiting this vulnerability could manipulate JWT tokens without knowing the JW...

CVSS 5.3 · AI score 5.8 · EPSS 0.0021
Exploits 0 · References 2

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-14418 · Ge Grid Solutions · Fc46-Webbridge

Name of the Vulnerable Software and Affected Versions: FC46-WebBridge on GE Grid Solutions MS3000 devices versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0 Description: An issue was discovered that allows direct access to the API on TCP port 8888 via programs located in the cgi-bin folder without any...

CVSS 9.8 · AI score 9.3 · EPSS 0.00331
Exploits 0 · References 4

CNNVD
added 2023/01/14 12:0 a.m. · 2 views

firefly-iii Authorization Issue Vulnerability

firefly-iii is a free and open source personal finance manager. A vulnerability with authorization issues exists in versions of firefly-iii prior to 5.8.0, which stems from its API failing to properly check authorization...

CVSS 6.5 · AI score 6.4 · EPSS 0.00165
Exploits 1 · References 3

Positive Technologies
added 2023/01/12 12:0 a.m. · 3 views

PT-2023-14738 · Unknown · Doctor Appointment Management System

Name of the Vulnerable Software and Affected Versions: Doctor Appointment Management System version 1.0.0 Description: The issue is related to a cross-site scripting XSS vulnerability. Cross-site scripting is a type of security vulnerability that occurs when an attacker is able to inject maliciou...

CVSS 6.1 · AI score 5.8 · EPSS 0.00314
Exploits 0 · References 5