109 matches found
Design/Logic Flaw
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission...
CVE-2022-39074
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission...
ZTE 手机 安全漏洞
The ZTE cell phone is a network device from China's ZTE Corporation ZTE. ZTE's cellular device. The ZTE phone suffers from a security vulnerability that stems from the fact that if a malicious application is installed on the phone, it may launch the application's non-public interface without the...
PT-2023-13685 · Zte · Zte Mobile Phones
Name of the Vulnerable Software and Affected Versions: ZTE mobile phones affected versions not specified Description: The issue allows for unauthorized access. A malicious application installed on the phone could start a non-public interface of an application without user permission...
Parse Server 代码问题漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...
Ghost 信息泄露漏洞
Ghost CMS is an open source headless content management system CMS written in JavaScript from the Ghost Foundation in Singapore. An information disclosure vulnerability exists in Ghost versions prior to 5.46.1 that stems from a lack of validation when filtering on public API endpoints , which can...
CVE-2023-28761
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...
CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint Incorrect Access Control. The token can be used to escalate privileges within the Digital Rebar system and grant full...
PT-2022-16235 · Lg · Webos
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to bypass API access control due to a public API error. Recommendations: At the moment, there is no information about a newer version that contains a fix fo...
public API安全漏洞
The public API is a list of free API collections for software and web development. A security vulnerability exists in the public API that could allow an attacker to bypass API access controls...
CVE-2021-40360
A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...
CVE-2021-40360
A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...
Zulip 安全漏洞
Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in Zulip Server versions prior to 3.4 that stems from a public API that causes guest users to be able to receive message traffic from a public stream that should only be accessibl...
CVE-2021-25760
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...
HCL Domino Denial of Service Vulnerability (CNVD-2020-75064)
HCL Domino is a server for collaborative client-server software platforms. A denial of service vulnerability exists in HCL Domino 10 and 11. The vulnerability stems from insufficient input validation to the public API. An attacker could exploit the vulnerability to cause the Domino server to cras...
SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62840)
Shield Spirit Voting Powder Sucking System can be applied to the public number, through the WeChat public number of the message interface to collect the user to send the vote number of the data to reach the vote, with anti-brush voting voting function, but also efficiently suck the live powder...
SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62832)
Shield Spirit Voting Powder Sucking System can be applied to the public number, through the WeChat public number of the message interface to collect the user to send the vote number of the data to reach the vote, with anti-brush voting voting function, but also efficiently suck the live powder...
Product release: Virtuozzo Infrastructure Platform 3.5 Update 1 (3.5.1-43)
This update provides a new feature as well as fixes and improvements. Vulnerability id: VSTOR-30003 Unable to release node from cluster: 'Unable to send message to any node in ABGW cluster'. Vulnerability id: VSTOR-30135 No read/write data on dashboards if multipath is configured. Vulnerability i...
PT-2019-12799 · Containous +1 · Traefik +1
Name of the Vulnerable Software and Affected Versions: Containous Traefik versions 1.7.x through 1.7.11 Description: The issue allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-12121)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS 7.0.14 and earlier versions, which can be exploited by an attacker to delete a user's posts via public/api.php?app=user URI...