248 matches found

OSV
added 2024/12/31 11:15 a.m. | 3 views

CVE-2024-12108

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API...

CVSS 9.6 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2024/12/31 11:15 a.m. | 20 views

CVE-2024-12108

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API...

CVSS 9.6 | EPSS 0.06798
Exploits: 0 | References: 1

Cvelist
added 2024/12/31 10:31 a.m. | 464 views

CVE-2024-12108 WhatsUp Gold - Public API signing key rotation issue

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API...

CVSS 9.6 | EPSS 0.06798
Exploits: 0 | References: 1

CVE
added 2024/12/31 10:31 a.m. | 109 views

CVE-2024-12108

CVE-2024-12108 affects Progress WhatsUp Gold versions before 2024.0.2. The available connected sources indicate that an attacker can gain unauthorized access to the WhatsUp Gold server through the public API. The impact is described as high/critical in CVSS terms (network access, low attack compl...

CVSS 9.6 | AI score 9.4 | EPSS 0.06798
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2024/12/23 7:29 p.m. | 32 views

Unsound usages of `u8` type casting in spl-token-swap

The library provides a safe public API `unpack` to cast a u8 array to arbitrary types, which can cause undefined behavior. The length check on the array can only prevent out-of-bounds access on the return type. However, it can't prevent a misaligned pointer when casting a u8 pointer to a type aligned to...

AI score 7.1
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/12/19 12:0 p.m. | 8 views

RUSTSEC-2024-0426 Unsound usages of `u8` type casting

The library provides a safe public API `unpack` to cast a u8 array to arbitrary types, which can cause undefined behavior. The length check on the array can only prevent out-of-bounds access on the return type. However, it can't prevent a misaligned pointer when casting a u8 pointer to a type aligned to...

AI score 7.1
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2024/12/09 4:2 a.m. | 3 views

Malicious code in public-api-signature-calculator-example (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

OSV
added 2024/12/09 4:2 a.m. | 4 views

MAL-2024-11428 Malicious code in public-api-signature-calculator-example (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0

OSV
added 2024/11/28 5:32 p.m. | 13 views

OPENSUSE-SU-2024:0382-1 Security update for cobbler

This update for cobbler fixes the following issues: Update to 3.3.7: Security: Fix issue that allowed anyone to connect to the API as admin CVE-2024-47533, boo1231332 bind - Fix bug that prevents cname entries from being generated successfully Fix build on RHEL9 based distributions fence-agents-a...

CVSS 9.8 | AI score 9.2 | EPSS 0.03948
Exploits: 6 | References: 13

OSV
added 2024/10/16 1:15 p.m. | 1 views

CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...

CVSS 8.3 | AI score 5.8 | EPSS 0.00428
Exploits: 0 | References: 2

NVD
added 2024/10/16 1:15 p.m. | 25 views

CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...

CVSS 8.3 | EPSS 0.00428
Exploits: 0 | References: 2

OSV
added 2024/02/20 5:50 p.m. | 19 views

GO-2024-2536 Cross-site scripting in public API in github.com/rancher/norman

Cross-site scripting in public API in github.com/rancher/norman...

CVSS 8.3 | AI score 7.9 | EPSS 0.00428
Exploits: 0 | References: 6

Veracode
added 2024/02/09 7:8 a.m. | 12 views

Cross-site Scripting (XSS)

github.com/rancher/apiserver is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ParseRequestURL function within base.go constructing a URL from parts of the request without proper sanitization. This flaw allows an attacker to execute arbitrary JavaScript by sending a...

CVSS 8.3 | AI score 6.9 | EPSS 0.00342
Exploits: 0

Veracode
added 2024/02/09 5:22 a.m. | 20 views

Cross Site Scripting (XSS)

github.com/rancher/norman is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of URL validation within the ParseRequestURL method. An attacker can execute arbitrary JavaScript by sending a crafted payload to a public API endpoint, resulting in XSS...

CVSS 8.3 | AI score 6.1 | EPSS 0.00428
Exploits: 0

Wallarm Lab
added 2023/11/28 12:19 p.m. | 15 views

Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023

If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend, co...

AI score 7.3
Exploits: 0

OSSF Malicious Packages
added 2023/08/21 12:0 a.m. | 4 views

Malicious code in docs-public-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ef1db73ad9c5c4da2dd3bded796ac7c4f660ab81ff6fd5cd77f0452265d05d6f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score 7.2
Exploits: 0 | References: 2

OSV
added 2023/08/21 12:0 a.m. | 14 views

MAL-2023-8026 Malicious code in docs-public-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ef1db73ad9c5c4da2dd3bded796ac7c4f660ab81ff6fd5cd77f0452265d05d6f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score 7.4
Exploits: 0 | References: 2

Tenable Nessus
added 2023/06/23 12:0 a.m. | 35 views

F5 Networks BIG-IP : OpenSSL vulnerability (K000132946)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132946 advisory. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is...

CVSS 7.5 | AI score 7.7 | EPSS 0.04494
Exploits: 0 | References: 2

Veracode
added 2023/06/02 6:53 a.m. | 17 views

Phishing Attack

parse-server is vulnerable to Phishing Attacks. A malicious user is able to upload an HTML file to the system via its public API, which is available at the internet domain where Parse Server is hosted, allowing the URL of the uploaded HTML files to be used for phishing attacks...

CVSS 6.5 | AI score 6.9 | EPSS 0.00639
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2023/05/24 8:15 p.m. | 14 views

CVE-2023-33796

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; querie...

CVSS 9.1 | AI score 9.4 | EPSS 0.00747
Exploits: 1 | References: 2