Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An Access Control Error vulnerability exists in Nextcloud Server, which stems from the ability to delete and modify workflows by bypassing calls sent direct...

CVE-2023-27319

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 121, which stems from a lack of exception handling in TypedArray, leading to abuse of other APIs...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

PT-2023-32783 · Microweber · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0 Description: A vulnerability has been identified in microweber where users can exploit business logic errors to obtain items at a lower price. This occurs when the admin disables the use of the coup...

CVE-2023-6758

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit...

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a command injection vulnerability that stems from a failure to properly filter construct command special characters, commands, etc. in the XML API. An attacker cou...

IceCMS Information Disclosure Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. An information leakage vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown function in /adplanet/PlanetUser in the API...

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from SQL injection when a user searches a REST API endpoint...

CVE-2023-49241

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...

AXIS OS Path Traversal Vulnerability

AXIS Os is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from the VAPIX API irissetup.cgi being susceptible to a path traversal attack that allows file deletion...

Zulip security vulnerability

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.5 that stems from the fact that an active user who previously subscrib...

CVE-2023-36553

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to...

Click Studios Passwordstate Security Breach

Click Studios Passwordstate passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...

UBUNTU-CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

Lenovo XClarity Controller SQL Injection Vulnerability

Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. Lenovo XClarity Controller suffers from a SQL injection vulnerability that originates from an authenticated XCC user with elevated...

Apache Airflow 信息泄露漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...

CVE-2023-43118

Cross Site Request Forgery CSRF vulnerability in Chalet application in Extreme Networks Switch Engine EXOS before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API...