firefly-iii authorization issue vulnerability
firefly-iii is a free and open source personal finance manager. An authorization vulnerability exists in versions of firefly-iii prior to 5.8.0, which stems from its API failing to properly check authorization...
PT-2023-14738 · Unknown · Doctor Appointment Management System
Name of the Vulnerable Software and Affected Versions: Doctor Appointment Management System version 1.0.0 Description: The issue is related to a cross-site scripting (XSS) vulnerability. Cross-site scripting is a type of security vulnerability that occurs when an attacker is able to inject maliciou...
aEnrich a+HRD authorization issue vulnerability
aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from incorrect login authentication in a+HRD, allowing an unauthenticated, remote attacker to bypass authentication and gain access to...
memos access control error vulnerability
memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to view any content in a private memo from another user via the API...
memos authorization issue vulnerability
memos is an open source hosted memo center with knowledge management and social features. A vulnerability exists in memos prior to version 0.9.1 due to an authorization issue, which can be exploited by an attacker to archive any private memos, delete any shortcuts, and edit any shortcuts from oth...
memos security vulnerability
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to delete all notes across the application via the API...
VMware vRealize Network Insight path traversal vulnerability
VMware vRealize Network Insight is a tool from VMware, Inc. that helps customers build optimized, highly available and secure network infrastructures across multi-cloud environments. VMware vRealize Network Insight suffers from a path traversal vulnerability that stems from its vRNI REST API that...
CVE-2022-3710
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...
Sophos Firewall SQL injection vulnerability
Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows an API client to read the contents of its user's configuration database via SQL injection...
Sophos Firewall SQL injection vulnerability
Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows API clients to read the contents of the configuration database in their API controller via SQL injection...
Open-Xchange OX App Suite resource management error vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and prior versions, which stems from insufficiently checking the size of request parameters for certain API endpoints...
PT-2022-27445 · Unknown · Book Store Management System
Name of the Vulnerable Software and Affected Versions: Book Store Management System version 1.0 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book...
CVE-2022-4045
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a denial-of-service vulnerability that allows authenticated users to crash the server with multiple requests to an API endpoint, which could potentially...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost Playbooks suffers from a denial-of-service vulnerability that allows an authenticated user to crash the server with multiple large requests to the...
FileCloud security vulnerability
FileCloud is an ultra-secure content collaboration platform from US-based FileCloud, Inc. offering industry-leading compliance, data governance, data leakage protection, data retention and digital rights management capabilities. A security vulnerability exists in FileCloud version 20.2 and later...
PT-2022-26769 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr Open Source ERP & CRM for Business versions prior to 14.0.1 Description: The issue allows attackers to escalate privileges via a crafted API. Recommendations: For versions prior to 14.0.1, update to version 14.0.1 or later to resolve...
Plesk Obsidian cross-site request forgery vulnerability
Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian. An attacker can exploit the vulnerability to change the administrator password via the /api/v2/cli/commands REST API...
CVE-2022-38380
An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...