27 matches found
Directory Traversal
Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to Directory Traversal through the web API POST /api/v1/images/delete. An attacker can delete arbitrar...
PT-2024-5562
SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40 The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...
WordPress plugin InstaWP Connect 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
DEBIAN-CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
Information Disclosure
motioneye is vulnerable to information disclosure. The vulnerability exists due to an insecure access control allowing an attacker to access sensitive information via the GET request to web API /config/list endpoint when a user's password is not configured...
OSIsoft PI Server 跨站脚本漏洞
Osisoft OSIsoft PI is a commercial software application platform based on the Ckient/Server architecture from OSIsoft Osisoft, USA. The platform supports data collection, analysis and visualization, etc. A security vulnerability exists in OSIsoft PI Server, which can be exploited by remote...
Red Hat Data Grid 跨站请求伪造漏洞
Red Hat Data Grid is a memory-based Nosql database with distributed support from Red Hat. Red Hat Data Grid 8.2.0 suffers from a cross-site request forgery vulnerability that stems from a lack of authentication measures or insufficient authentication strength in a networked system or product. An...