idccms 安全漏洞

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in idccms v1.35, which was discovered to contain a cross-site request forgery vulnerabilit...

PT-2024-5326 · Ibm · Ibm App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.25 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.0 Description: The issue is related to an error in exception handling in the AdminAPI component of IBM App Connect...

GHSA-3H7Q-RFH9-XM4V Synapse V2 state resolution weakness allows Denial of Service (DoS)

Impact A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database ...

CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

PYSEC-2024-50

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

CVE-2024-31208 Synapse's V2 state resolution weakness allows DoS from remote room members

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

CVE-2024-31208 Synapse's V2 state resolution weakness allows DoS from remote room members

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

CVE-2024-31450 Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277)

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The...

PT-2024-24084 · Owncast · Owncast

Name of the Vulnerable Software and Affected Versions: Owncast versions prior to 0.1.3 Description: Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL "/api/admin". The...

PT-2024-24598 · Tolgee · Tolgee

Name of the Vulnerable Software and Affected Versions: Tolgee versions 3.57.2 through 3.57.3 Description: Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check at all. Recommendations: For Tolgee versions 3.57.2 through...

CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

SUSE-SU-2024:0851-1 Security update for axis

This update for axis fixes the following issues: - CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API bsc1218605...

PT-2024-20374 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: Jfinalcms version 5.0.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information. The issue is related to the /admin/admin API endpoint, specifically the name parameter. Recommendations: For Jfinalcms versio...

BIT-MEDIAWIKI-2022-29906

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66 omits a check for the quizadmin user...

BIT-MINIO-2020-11012 Authentication bypass MinIO Admin API

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has bee...

BIT-APISIX-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

WordPress Plugin Seraphinite Accelerator Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...