545 matches found
TeamCity Server < 2023.11.3 Multiple Vulnerabilities
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability CVE-2024-23917 - Path traversal allowed...
CVE-2023-4503
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...
WordPress 6.0 < 6.4.3
WordPress versions 6.0 6.4.3 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-4-3-maintenance-and-security-release. include'compat.inc'; if description...
Cross Site Scripting (XSS)
labelstudio is vulnerable to Cross Site Scripting XSS. The vulnerability is due to not sanitizing/validating the HTML/JavaScript file that was downloaded from the import data feature from a remote web resource. An attacker can exploit this to download a HTML file that executes malicious JavaScrip...
CVE-2024-23633 Label Studio XSS Vulnerability on Data Import
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
eap-galleon: custom provisioning creates unsecured http-invoker
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...
eap-galleon: custom provisioning creates unsecured http-invoker
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...
ManageEngine NetFlow Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass
The version of ManageEngine NetFlow Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote attack...
Trellix Enterprise Security Manager < 11.6.8 SSRF
The version of Trellix Enterprise Security Manager running on the remote web server is prior to 11.6.8. It is, therefore, affected by a server-side request forgery SSRF vulnerability. Due to a flaw in the certificate validation functionality, a remote, authenticated attacker can upload arbitrary...
ManageEngine SupportCenter Plus < 14.2 Build 14200
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.2 Build 14200. It is, therefore, affected by a vulnerability as referenced in the support-centerCVE-2023-38331 advisory. - Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS i...
Jenkins LTS < 2.414.2 / Jenkins weekly < 2.424 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.2 or Jenkins weekly prior to 2.424. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
Path traversal
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...
CVE-2023-2971 Typora Local File Disclosure
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
CVE-2023-2971 Typora Local File Disclosure
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
SUSE CVE-2023-4360
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Jenkins LTS < 2.401.3 / Jenkins weekly < 2.416 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.3 or Jenkins weekly prior to 2.416. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not saniti...
Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.1 or Jenkins weekly prior to 2.400. It is, therefore, affected by the following vulnerability: - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST...
FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities
According to its self-reported version, the instance of FatPipe MPVPN running on the remote web server is 10.1.2r60p91 or 10.2.2 10.2.2r42. It is, therefore, affected by multiple vulnerabilities, including: - FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42...
WordPress 6.0 < 6.2.1
WordPress versions 6.0 6.2.1 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-2-1-maintenance-security-release. include'compat.inc'; if description...