PT-2021-6527 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.15 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.3 MediaWiki versions 1.36.x before 1.36.1 Description: The issue concerns unintended API access for bots in MediaWiki. When a bot account has a...

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

CVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...

Cisco SD-WAN vManage Software 资源管理错误漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A denial of service vulnerability exists in the API of Cisco SD-WAN vManage, which stems from insufficient handling of API requests and can be exploited by an attacker to cau...

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...

CubeCoders AMP 安全漏洞

AMP is a software application. for tracking all issues and bugs within the CubeCoders AMP platform. A security vulnerability exists in CubeCoders AMP versions prior to 2.1.x series 2.1.1.2 that allows an authenticated remote user to open a port in the local system firewall by writing an HTTPS...

China Mobile An Lianbao WF-1 命令注入漏洞

China Mobile An Lianbao WF-1 router is a router from China Mobile China. A security vulnerability exists in China Mobile An Lianbao WF-1 1.01, which originates from a POST request to api ZRQos to set up an online client via the "ip" parameter...

Unnamed Vulnerability in Juniper Networks Junos OS

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS has a security vulnerability, and no details of the vulnerability are provided at this time...

Juniper Networks Junos OS HTTP Response Splitting Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS has a security vulnerability, and no details of the vulnerability are provided at this time...

Juniper Networks Junos OS 权限许可和访问控制问题漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS is vulnerable to privilege permission and access control issues, for which no information is currently available...

Juniper Networks Junos OS 信任管理问题漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Junos OS. No information about this vulnerability is available at this...

PT-2021-15763

Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3 Thrive Comments WordPress plugin versions prior to 1.4.15.3 Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3 Thrive Leads WordPress plugin versions prior to 2.3.9...

MediaWiki 权限许可和访问控制问题漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...

Dolby DAX2 API Service 代码问题漏洞

The Dolby DAX2 API Service is an audio service component from Dolby Laboratories USA. A code issue vulnerability exists in Dolby Audio X2 DAX2 API service versions prior to 0.8.8.90 that allows local users to gain privileges...

UBUNTU-CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API...

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4 GitHub Enterprise Server versions prior to 2.22.10 GitHub Enterprise Server versions prior to 2.21.18 Description: An improper access control issue was identified that allowed access tokens...

GitHub node-etsy-client 信息泄露漏洞

GitHub node-etsy-client is a GitHub open source application. nodeJs Etsy ReST API client. A security vulnerability exists in node-etsy-client that stems from a reported client-side error will also provide the api key value...

Cisco IOS XE Software 操作系统命令注入漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A command injection vulnerability exists in the web UI of Cisco IOS XE. The vulnerability stems from the affected software not properly validating values parsed from a specific...

IBM Spectrum Scale 安全漏洞

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

IBM API Connect 安全漏洞

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to be able to use ...