346 matches found

Cvelist
added 2024/06/16 10:00 p.m., 19 views

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS 6.5, EPSS 0.00158
Exploits 1, References 4
CVE
added 2024/06/16 10:00 p.m., 44 views

CVE-2024-6039

CVE-2024-6039 affects Feng Office 3.11.1.2 in the Workspaces component. The vulnerability stems from improper handling of the dim argument, leading to a SQL injection that can be triggered remotely. Public exploit info is noted in multiple sources. Impact is described as critical in the CVE recor...

CVSS 8.8, AI score 7.1, EPSS 0.00158
Exploits 1, References 4, Affected Software 1
Positive Technologies
added 2024/06/16 12:00 a.m., 1 view

PT-2024-37337 · Unknown · Feng Office

Name of the Vulnerable Software and Affected Versions: Feng Office version 3.11.1.2 Description: A critical issue was found in the Workspaces component, where the manipulation of the dim argument leads to SQL injection. This can be exploited remotely. Recommendations: For Feng Office version...

CVSS 8.8, AI score 8, EPSS 0.00158
Exploits 1, References 7
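The three Feng Office entries above describe one flaw: the request parameter dim is spliced into a SQL statement. The following added example is not Feng Office's code; it reproduces that pattern against a constructed SQLite table (the table name workspaces, the column dim_id and the sample rows are assumptions) so the injection can be observed, and places the parameterised, type-checked query beside it.

```python
import sqlite3

# Constructed sample table standing in for a workspace/dimension lookup.
# Not Feng Office's schema; only the shape of the bug is the same.
SAMPLE_ROWS = [
    (1, "Engineering", 10),
    (2, "Finance", 20),
    (3, "Legal", 30),
]


def make_db():
    """Build an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE workspaces (id INTEGER PRIMARY KEY, name TEXT, dim_id INTEGER)"
    )
    conn.executemany("INSERT INTO workspaces VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_workspaces_vulnerable(conn, dim):
    """Vulnerable: the untrusted `dim` value becomes part of the SQL text itself."""
    sql = "SELECT name FROM workspaces WHERE dim_id = " + dim
    return [row[0] for row in conn.execute(sql)]


def list_workspaces_fixed(conn, dim):
    """Fixed: validate the type, then bind the value so it can only ever be data."""
    try:
        dim_id = int(dim)
    except (TypeError, ValueError):
        raise ValueError("dim must be an integer")
    cur = conn.execute("SELECT name FROM workspaces WHERE dim_id = ?", (dim_id,))
    return [row[0] for row in cur]


def fixed_rejects(conn, dim):
    """True if the hardened query refuses the value instead of executing it."""
    try:
        list_workspaces_fixed(conn, dim)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Boolean payload: turns the filter into a tautology and returns every row.
    print(list_workspaces_vulnerable(db, "10 OR 1=1"))
    # UNION payload: reads the schema out of sqlite_master through the same parameter.
    print(list_workspaces_vulnerable(db, "0 UNION SELECT sql FROM sqlite_master"))
    # The hardened version never runs either payload.
    print(fixed_rejects(db, "10 OR 1=1"))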
OSV
added 2024/06/06 6:15 p.m., 13 views

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...

CVSS 9.4, AI score 6.8
Exploits 0, References 2
CVE
added 2024/06/06 5:32 p.m., 82 views

CVE-2024-3033

The CVE-2024-3033 issue affects mintplex-labs/anything-llm, specifically the "/api/v/" endpoint and its sub-routes. It is described as an improper authorization vulnerability that allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and del...

CVSS 9.4, AI score 9.2, EPSS 0.00145
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2024/06/06 5:32 p.m., 17 views

CVE-2024-3033 Improper Authorization in mintplex-labs/anything-llm

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...

CVSS 9.1, AI score 6.8, EPSS 0.00145
Exploits 1, References 2
OSV
added 2024/06/05 6:33 p.m., 11 views

GHSA-G4XV-R3QW-V3Q2 typo3 Information Disclosure Security Note

Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows readi...

AI score 6.8
Exploits 0, References 3
CNNVD
added 2024/05/30 12:00 a.m., 1 view

MeterSphere security vulnerability

MeterSphere is an open source one-stop continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.15-lts that stems from allowing users without workspace privileges to view functional test cases in other workspaces that exceed their...

CVSS 4.3, AI score 6.7, EPSS 0.0025
Exploits 0, References 2
Github Security Blog
added 2024/05/17 10:54 p.m., 12 views

Neos Information Disclosure Security Note

Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows readi...

AI score 6.8
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2024/05/17 12:00 a.m., 1 view

PT-2024-40059 · Typo3 · Typo3 Neos

Name of the Vulnerable Software and Affected Versions: TYPO3 Neos affected versions not specified Description: A privilege escalation issue has been discovered, allowing logged-in editors to access, create, and modify content nodes that exist in the workspace of other editors. Recommendations: At...

CVSS 4.2, AI score 7.2
Exploits 0, References 4
Positive Technologies
added 2024/05/17 12:00 a.m., 1 view

PT-2024-40044 · Neos · Neos

Name of the Vulnerable Software and Affected Versions: Neos affected versions not specified Description: The issue allows unauthorized access to internal workspaces in Neos without authentication. This means that internal workspaces, which are non-public and do not have an owner, can be viewed by...

CVSS 7.5, AI score 6.8
Exploits 0, References 4
Rockylinux
added 2024/05/10 2:32 p.m., 21 views

gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update

An update is available for gnome-menus. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GNOME Shell acts as a compositing manager for the desktop, and displays...

AI score 6.9
Exploits 0
OSV
added 2024/04/25 4:56 p.m., 0 views

CVE-2024-32467 MeterSphere vulnerable to unauthorized viewing by workspace members

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue...

CVSS 5.7, AI score 6.7, EPSS 0.0007
Exploits 1, References 3
Kitploit
added 2024/04/12 12:30 p.m., 48 views

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconnaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very...

AI score 7.2
Exploits 0, References 1
Fedora
added 2024/03/07 10:33 p.m., 24 views

[SECURITY] Fedora 40 Update: maven-resolver-1.9.18-3.fc40

Apache Maven Artifact Resolver is a library for working with artifact repositories and dependency resolution. Maven Artifact Resolver deals with the specification of local repository, remote repository, developer workspaces, artifact transports and artifact resolution...

CVSS 8.8, AI score 9, EPSS 0.46427
Exploits 3
OSV
added 2024/03/06 11:02 a.m., 30 views

BIT-JENKINS-2021-21615

Jenkins LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use TOCTOU race condition...

CVSS 5.3, AI score 5.5, EPSS 0.00375
Exploits 0, References 3
OSV
added 2024/03/06 10:58 a.m., 24 views

BIT-DRUPAL-2020-13667

Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

CVSS 5.3, AI score 6, EPSS 0.00144
Exploits 0, References 2
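Several entries on this page share one root cause: the anything-llm /api/v/ routes, the Neos internal-workspace and editor-workspace issues, both MeterSphere advisories and the Drupal Workspaces bypass all let a caller act on a workspace that the authorization logic never tied them to. The added example below is not code from any of those projects; it models workspaces with an owner, a member set and a public flag (all constructed), contrasts a login-only check with an object-level one, and covers the two edge cases the entries mention, the unauthenticated caller and the ownerless internal workspace.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Workspace:
    id: int
    owner: Optional[str]                 # None models an internal workspace with no owner
    members: Set[str] = field(default_factory=set)
    public: bool = False


# Constructed sample data; not taken from any product listed on this page.
WORKSPACES = {
    1: Workspace(1, "alice", {"alice", "bob"}),
    2: Workspace(2, "carol", {"carol"}),
    3: Workspace(3, None),                          # internal: non-public, no owner
    4: Workspace(4, "dave", {"dave"}, public=True),
}

READ_ACTIONS = {"read", "list_members"}
DESTRUCTIVE_ACTIONS = {"reset", "delete"}


def authorize_login_only(actor, workspace_id, action):
    """The flawed pattern: the caller is authenticated but never related to the object.

    Any logged-in user passes for any workspace and any action.
    """
    return workspace_id in WORKSPACES and actor is not None


def authorize(actor, workspace_id, action):
    """Object-level check: every decision is made against the specific workspace."""
    ws = WORKSPACES.get(workspace_id)
    if ws is None:
        return False                     # unknown id: deny, indistinguishable from forbidden
    if action == "read" and ws.public:
        return True                      # the only case that needs no identity at all
    if actor is None:
        return False                     # anonymous callers get nothing else, internal workspaces included
    if action in READ_ACTIONS:
        return actor == ws.owner or actor in ws.members
    if action in DESTRUCTIVE_ACTIONS:
        return actor == ws.owner         # reset/delete stay with the owner
    return False                         # unknown actions are denied by default


if __name__ == "__main__":
    # bob is a member of workspace 1 only; the login-only check lets him read workspace 2.
    print(authorize_login_only("bob", 2, "list_members"))   # True: the bug
    print(authorize("bob", 2, "list_members"))              # False
    print(authorize(None, 3, "read"))                       # False: internal workspace stays private
    print(authorize("bob", 1, "reset"))                     # False: member, not owner
```

The ordering of the checks matters: the public-read shortcut is evaluated before the identity check so that an anonymous reader is allowed exactly one thing, and an ownerless workspace (owner None) can never match a caller because actor None has already been rejected by then.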
OSV
added 2024/02/06 3:15 p.m., 0 views

CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

CVSS 8.8, AI score 5.7
Exploits 0, References 1
NVD
added 2024/02/06 3:15 p.m., 21 views

CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

CVSS 9.6, AI score 9.2, EPSS 0.0042
Exploits 1, References 1
Prion
added 2024/02/06 3:15 p.m., 24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

CVSS 6.8, AI score 9, EPSS 0.0042
Exploits 1, References 1, Affected Software 1
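The three CVE-2024-24593 entries describe a cookie-authenticated API server that accepts state-changing requests launched from attacker-controlled HTML. The added example below is not ClearML's code and does not describe its fix; it shows the two checks an API server of that shape normally applies to any unsafe method, an Origin/Referer comparison against the site's own origin and a per-session token in a custom header, applied to two constructed requests: a cross-site form POST and a same-origin fetch. The origin https://clearml.example, the header name X-CSRF-Token and the token value are assumptions.

```python
import hmac
from urllib.parse import urlsplit

# Assumed deployment origin of the API server (constructed for this example).
SITE_ORIGIN = "https://clearml.example"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Reduce an Origin or Referer value to scheme://host[:port], lower-cased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_check(method, headers, session_csrf_token):
    """Decide whether a cookie-authenticated request may change state.

    headers: request headers (names compared case-insensitively).
    session_csrf_token: the token stored server-side for this session, or None.
    Returns (accepted, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}
    if method.upper() in SAFE_METHODS:
        return True, "safe method"       # only valid if these methods have no side effects

    # Check 1: the browser-supplied Origin (or Referer) must be our own site.
    # A <form> on another site still carries the browser's cookies, but its
    # Origin header names the attacker's page, which the browser sets, not the page.
    source = h.get("origin") or h.get("referer")
    if not source:
        return False, "missing Origin and Referer"
    if origin_of(source) != SITE_ORIGIN:
        return False, "cross-site request from " + origin_of(source)

    # Check 2: a per-session token in a custom header. HTML forms and image
    # tags cannot add custom headers, so a cross-site submission fails here even
    # if the first check were somehow bypassed. Constant-time comparison.
    presented = h.get("x-csrf-token", "")
    if not session_csrf_token or not hmac.compare_digest(
        presented.encode(), session_csrf_token.encode()
    ):
        return False, "CSRF token missing or mismatched"
    return True, "ok"


# Constructed sample requests, as the server would see them.
SESSION_TOKEN = "c0ffee1234"
ATTACKER_FORM_POST = {               # auto-submitted <form method="POST"> on attacker.example
    "Origin": "https://attacker.example",
    "Content-Type": "application/x-www-form-urlencoded",
    "Cookie": "session=victim-session-cookie",
}
SAME_ORIGIN_FETCH = {                # fetch() from the real UI with the token header
    "Origin": "https://clearml.example",
    "X-CSRF-Token": SESSION_TOKEN,
    "Cookie": "session=victim-session-cookie",
}

if __name__ == "__main__":
    print(csrf_check("POST", ATTACKER_FORM_POST, SESSION_TOKEN))   # rejected
    print(csrf_check("POST", SAME_ORIGIN_FETCH, SESSION_TOKEN))    # accepted
```

Marking the session cookie SameSite=Lax or Strict is a complementary mitigation: the browser then withholds the cookie on the cross-site POST in the first place. It does not replace the server-side checks, because older clients and some top-level navigations are not covered by it.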