CVE-2023-34992

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

PT-2023-6001 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: FortiSIEM versions 6.4.0 through 6.4.2 FortiSIEM versions 6.5.0 through 6.5.1 FortiSIEM versions 6.6.0 through 6.6.3 FortiSIEM versions 6.7.0 through 6.7.5 FortiSIEM version 7.0.0 Description: The issue is related to an improper neutralizatio...

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

CVE-2023-20223

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

Jumpserver Information Disclosure Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from an information disclosure vulnerability caused by exposing random number seeds to the API, which could allow replay of randomly generated CAPTCHAs, leading to password...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...

Undefined Behavior for Input to API in Mutt

...

ASUS RT-AX56U Formatting String Error Vulnerability

The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a Format String Error vulnerability that stems from a format string vulnerability found in the iperf client function API...

Fortinet FortiSwitchManager 安全漏洞

Fortinet FortiSwitchManager is a network switch management tool from Fortinet designed to help organizations manage their FortiSwitch family of network switches. An improper access control vulnerability exists in Fortinet FortiSwitchManager. The vulnerability is caused by a flawed authentication...

WireMock security vulnerability

WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a security vulnerability that stems from vulnerability to DNS rebinding attacks...

PT-2023-17071 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab where a namespace-level banned user can access the API. Recommendations: For GitLa...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the fact that user...

CVE-2023-24515

Server-Side Request Forgery SSRF vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to...

Artica Pandora FMS 代码问题漏洞

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery SSRF vulnerability in...

PT-2023-28767 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable to a Denial of Service DoS that can be caused by an authenticated user to the REST API Interface. Recommendations: ...

CVE-2023-38751

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...

Qualcomm Chipsets Code Issue Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in the Qualcomm Chipsets that originates from a memory corruption in the Trusted Execution Environment when a service API is called with an invalid address...

CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

Control ID IDSecure Security Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the presence of a number of API routes, thereby disclosing sensiti...

CVE-2023-23476

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...