CVE-2022-4002
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request...
CVE-2022-4002
Motorola Q14 Mesh Router firmware vulnerability: a command-injection flaw exists prior to version 1.5.0.16 that could let an authenticated user execute OS commands as root via a crafted API request. The issue affects the Q14 firmware family before the stated fix; exploitation context and in-the-w...
CVE-2022-4003
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...
CVE-2022-4003
CVE-2022-4003 affects the Motorola Q14 mesh router. A denial of service occurs when an authenticated user sends a crafted API request that triggers an internal service restart. Impact is high on availability only; the attack vector is network, attack complexity is low, and privileges required are low....
Motorola Q14 Security Vulnerability
The Motorola Q14 is a mesh router system from Motorola (USA). A security vulnerability exists in the Motorola Q14 prior to v1.5.0.16, which stems from a command injection flaw that could allow an authenticated user to execute operating system commands as root via a specially crafted API...
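The two Motorola Q14 entries above (CVE-2022-4002) describe the same bug class: an authenticated API parameter reaches an OS command that runs as root. The following is an added illustration of that class in Python, not code from the Q14 firmware or from any Motorola advisory; the `diag` endpoint, the `host` parameter and the hostname allowlist regex are assumptions chosen for the demonstration. It shows the vulnerable shape (parameter spliced into a shell string) beside the hardened shape (strict input validation plus an argv list, no shell).

```python
import re
import subprocess

# Allowlist for the one parameter this hypothetical endpoint accepts.
# Assumption for the example: a hostname is letters, digits, dots and dashes.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_diag(host: str) -> str:
    """Vulnerable pattern: untrusted API input interpolated into a shell command.

    `shell=True` hands the string to /bin/sh, so metacharacters in `host`
    (';', '|', '$(...)', backticks) are interpreted as shell syntax. `echo`
    stands in for the real diagnostic tool so the demo runs offline.
    """
    cmd = f"echo diag {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_diag(host: str) -> str:
    """Hardened pattern: validate against an allowlist, then exec without a shell.

    Passing an argv list means `host` is always a single argument to the
    program; there is no shell to parse it. Validation still matters because
    the target program may have its own option parsing (e.g. a value starting
    with '-'), so reject anything outside the expected character set.
    """
    if not HOSTNAME_RE.fullmatch(host) or host.startswith("-"):
        raise ValueError(f"rejected hostname parameter: {host!r}")
    return subprocess.run(["echo", "diag", host], capture_output=True, text=True).stdout


def demo() -> dict:
    """Run both variants against a benign value and a constructed injection payload."""
    benign = "192.0.2.1"
    payload = "192.0.2.1; echo INJECTED"  # constructed attacker-controlled parameter
    result = {
        "vulnerable_benign": vulnerable_diag(benign),
        "vulnerable_payload": vulnerable_diag(payload),
        "hardened_benign": hardened_diag(benign),
    }
    try:
        hardened_diag(payload)
        result["hardened_payload"] = "accepted"
    except ValueError:
        result["hardened_payload"] = "rejected"
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The vulnerable variant executes the trailing `echo INJECTED` as a second command; the hardened variant refuses the same input before anything runs. On a device where the API handler runs as root, the difference is the difference between a diagnostic feature and a remote root shell.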
GHSA-V23V-6JW2-98FQ Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...
Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install. From an attacker’s...
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins AuthZ under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating...
AZL-47042 CVE-2024-41110 affecting package moby-engine for versions less than 24.0.9-7
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...
CVE-2024-41110 Moby authz zero length regression
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...
CVE-2024-41110
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...
Exploit for Command Injection in Nginxui Nginx_Ui
CVE-2024-22198 - authenticated remote code execution in Nginx-...
CVE-2024-5812
CVE-2024-5812 affects BeyondInsight PasswordSafe (BIPS) where an attacker with high privileges or a compromised high-privilege account can overwrite Read-Only smart rules via a specially crafted API request. Root cause is described as a bypass of smart rule protection enabling modification by aut...
CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request...
BeyondInsight Security Vulnerability
BeyondInsight is a Privileged Access Management (PAM) reporting platform from BeyondTrust (USA). BeyondInsight suffers from a security vulnerability that stems from an attacker with an elevated-privilege account being able to overwrite read-only smart rules via a specially crafted API request...
Mirth Connect deserialization vulnerability
Added: 05/23/2024. Background: Mirth Connect is an application which translates message standards for healthcare systems. Problem: a deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution: upgrade to...
GHSA-7V7M-PCW5-H3CG Pusher Service Channel Authentication Bypass
The service offered by Pusher provides "private" channels with an authentication mechanism that restricts subscription access. The decision on allowing subscriptions to private channels is delegated to customers, who implement an authentication endpoint. End-users request a token from this endpoi...
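The Pusher entry above explains the delegation model: the service does not decide who may join a private channel; the customer's own authentication endpoint does, by returning a signed token. The block below is an added example of such an endpoint's core logic in Python, not code from Pusher's libraries or from the advisory. The signing scheme shown (HMAC-SHA256 over `socket_id:channel_name` with the app secret, returned as `app_key:signature`) is Pusher's documented private-channel format; the app key and secret, the `acl` table and the `authorize_subscription` function are assumptions constructed for the demonstration. The format checks on `socket_id` and `channel_name` are a hardening choice so that the string being signed cannot be reshaped by caller-controlled input.

```python
import hashlib
import hmac
import re

# Assumed example credentials (not real).
APP_KEY = "278d425bdf160c739803"
APP_SECRET = b"7ad3773142a6692b25b8"

# Strict formats: a socket_id is "<digits>.<digits>", and a channel name is a
# short token with no ':' in it. Because the signed string joins the two with
# ':', any caller-supplied ':' would let one (socket_id, channel) pair produce
# the same signed string as a different pair; rejecting it keeps the parse unique.
SOCKET_ID_RE = re.compile(r"^\d+\.\d+$")
CHANNEL_RE = re.compile(r"^private-[A-Za-z0-9_\-=@,.]{1,150}$")


def sign_private_channel(socket_id: str, channel_name: str) -> str:
    """Return the 'app_key:hex_hmac' token for a private-channel subscription."""
    string_to_sign = f"{socket_id}:{channel_name}".encode()
    sig = hmac.new(APP_SECRET, string_to_sign, hashlib.sha256).hexdigest()
    return f"{APP_KEY}:{sig}"


def verify_private_auth(auth: str, socket_id: str, channel_name: str) -> bool:
    """Constant-time check that `auth` is the token for this socket/channel pair."""
    return hmac.compare_digest(auth, sign_private_channel(socket_id, channel_name))


def authorize_subscription(user: str, socket_id: str, channel_name: str, acl: dict):
    """Customer-side decision point: validate inputs, consult the ACL, then sign.

    Returns {"auth": token} on success, or None when the user is not allowed
    on that channel (the HTTP layer would turn None into a 403).
    Raises ValueError on malformed input so it never reaches the signer.
    """
    if not SOCKET_ID_RE.fullmatch(socket_id):
        raise ValueError(f"malformed socket_id: {socket_id!r}")
    if not CHANNEL_RE.fullmatch(channel_name):
        raise ValueError(f"malformed channel name: {channel_name!r}")
    if channel_name not in acl.get(user, ()):
        return None
    return {"auth": sign_private_channel(socket_id, channel_name)}


# Constructed ACL for the demo: which users may subscribe to which private channels.
DEMO_ACL = {
    "alice": {"private-orders-alice"},
    "bob": {"private-orders-bob"},
}


if __name__ == "__main__":
    ok = authorize_subscription("alice", "1234.5678", "private-orders-alice", DEMO_ACL)
    print("alice on own channel:", ok)
    print("alice on bob's channel:", authorize_subscription("alice", "1234.5678", "private-orders-bob", DEMO_ACL))
    for bad in ("1234.5678:private-orders-bob", "abc"):
        try:
            authorize_subscription("alice", bad, "private-orders-alice", DEMO_ACL)
        except ValueError as e:
            print("rejected:", e)
```

The security-relevant point is that the service trusts whatever this endpoint signs. A signature is only as good as the authorization check and input validation that precede it: if the endpoint signs for a channel the caller should not see, or signs a string the caller was able to reshape, the service has no way to tell.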