2475 matches found
PT-2024-28441 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 5.2.6; Wagtail versions prior to 6.0.6; Wagtail versions prior to 6.1.3. Description: A bug in Wagtail's parse query string function would result in it taking a long time to process suitably crafted inputs, leading to a...
CVE-2024-6150
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning...
CVE-2024-6150
CVE-2024-6150 affects Citrix Provisioning. A non-admin user can cause short-term disruption of Target VM availability via Citrix Provisioning. Root cause per Citrix bulletin is improper access control. Mitigation: upgrade Citrix Provisioning to CR 2402+ or LTSR CU5 (2203 LTSR) / CU9 (1912 LTSR). ...
CVE-2024-40038
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScoredeal.php?mudi=rev...
CVE-2024-40039
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroupdeal.php?mudi=del...
PT-2024-37416 · Citrix · Citrix Provisioning
Name of the Vulnerable Software and Affected Versions: Citrix Provisioning (affected versions not specified). Description: A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning. Recommendations: At the moment, there is no information about a newer version...
idcCMS Security Breach
Net Titanium Technology idcCMS (Net Titanium IDC Cloud Management Agent System) is a cloud management agent system from China's Net Titanium Technology. A security vulnerability exists in idcCMS v1.35, which originates from a cross-site request forgery vulnerability in the...
idcCMS Security Breach
Net Titanium Technology idcCMS (Net Titanium IDC Cloud Management Proxy System) is a cloud management proxy system from China's Net Titanium Technology. A security vulnerability exists in idcCMS v1.35, which originates from a cross-site request forgery vulnerability in the...
PT-2024-9896 · Sap · Sap Transportation Management
Name of the Vulnerable Software and Affected Versions: SAP Transportation Management Collaboration Portal (affected versions not specified). Description: The issue allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application, triggering the...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
14Finger Security Vulnerability
14Finger is a full-featured Web fingerprint recognition and sharing platform by b1ackc4t individual developers. A security vulnerability exists in 14Finger version 1.1, which stems from the /api/admin/user component that allows an attacker to access all user information via a crafted GET request...
CVE-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...
CVE-2024-39158
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSysdeal.php?mudi=infoSet...
CVE-2024-39708
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the co...
Improper Authentication
github.com/rancher/rancher is vulnerable to Improper Authentication. The vulnerability is due to the default admin user being recreated with a well-known password after Rancher restarts...
CVE-2024-27163
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing an XSS vulnerability can recover this password in clear-text and compromise the...