CVE-2021-38431

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users...

Zammad 信息泄露漏洞

Zammad is an open source web-based help desk/customer support system. versions prior to Zammad 4.1.1 are vulnerable to information disclosure. An attacker could exploit the vulnerability to obtain sensitive information via the REST API...

PT-2021-5118 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine affected versions not specified Description: The issue is related to insufficient input validation for specific API endpoints in the REST API of Cisco Identity Services Engine. This could allow a remote attacker...

UBUNTU-CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

UBUNTU-CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

PT-2021-22722 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 and later Description: The issue allows an attacker to see pending invitations of any public group or public project by visiting a specific "API endpoint". Recommendations: For GitLab CE/EE versions 13.6 and later,...

VMware vCenter Server 信息泄露漏洞

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vmware vCenter Server is vulnerab...

WordPress 插件路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The OMGF WordPress plugin suffers from a path...

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...

PT-2021-22451 · Capture · Capture

Name of the Vulnerable Software and Affected Versions: pcapture versions prior to 3.12 Description: The issue allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is significant because...

Misskey 跨站脚本漏洞

Misskey is a micro-blogging platform. A cross-site scripting vulnerability exists in versions of Misskey prior to 12.51.0, which stems from a built-in dialog box in the Web client that does not validate and escape user input. An attacker could display a malicious string in the dialog box and use ...

CVE-2021-1580

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller APIC or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see t...

PT-2021-4957 · Cisco · Cisco Apic +1

Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC affected versions not specified Description: A vulnerability in the API endpoint of the affected systems could all...

VMware vRealize Operations 日志信息泄露漏洞

vmware VMware vRealize Operations is an application from vmware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A log information disclosure vulnerability exists in Vmware vRealize Operations Manager that...

Cisco Application Policy Infrastructure Controller 命令注入漏洞

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco. A command injection vulnerability exists in Cisco Application Policy Infrastructure Controller, which stems from the product's web UI and API endpoint not validati...

VMware vRealize Operations 路径遍历漏洞

vmware VMware vRealize Operations is an application from vmware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A path traversal vulnerability exists in Vmware vRealize Operations Manager that stems from the...

Larvata Flygo 安全漏洞

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker authenticated as a regular user to manipulate user data by specifying the employee's ID in an API parameter and...

RPCMS 跨站脚本漏洞

RPCMS is a software application, a web CMS system. RPCMS suffers from a cross-site scripting vulnerability that stems from a failure to properly clean up the nickname variable before it is displayed on a page in RPCMS v1.8 versions and below. With the API functionality turned on, an attacker can...

Dell NetWorker 安全漏洞

DELL EMC NetWorker is a suite of unified backup and recovery software from Dell DELL USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A security vulnerability exists in DELL EMC NetWorker that originates from an improper implementati...

DEBIAN-CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...