405 matches found

NVD
added 2023/12/18 1:15 p.m. · 16 views

CVE-2023-32230

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation...

CVSS 7.5 · EPSS 0.00732
Exploits 0 · References 1
Prion
added 2023/12/18 1:15 p.m. · 17 views

Input validation

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation...

CVSS 5 · AI score 7.2 · EPSS 0.00732
Exploits 0 · References 1 · Affected Software 5
CNNVD
added 2023/12/05 12:00 a.m. · 5 views

MLFlow Security Vulnerability

MLflow is an open source platform for the machine learning lifecycle. A security vulnerability exists in MLflow version 2.8.1 and prior versions. A remote attacker can exploit the vulnerability to obtain sensitive information via a specially crafted REST API request...

CVSS 7.5 · AI score 7.2 · EPSS 0.36582
Exploits 1 · References 1
CNVD
added 2023/11/17 12:00 a.m. · 8 views

Fortinet FortiSIEM Command Execution Vulnerability (CNVD-2024-13756)

Fortinet FortiSIEM is a security information and event management (SIEM) system from the American company Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from a command execution vulnerability that stem...

CVSS 9.8 · AI score 7.4 · EPSS 0.01877
Exploits 0 · References 1
CVE
added 2023/11/02 1:01 p.m. · 65 views

CVE-2023-26453

CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...

CVSS 8.8 · AI score 8.7 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/10/13 3:15 p.m. · 15 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

CVSS 8.1 · AI score 8.3 · EPSS 0.00434
Exploits 0 · References 1
Prion
added 2023/10/13 3:15 p.m. · 16 views

Design/Logic Flaw

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

CVSS 5.1 · AI score 8.2 · EPSS 0.00434
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/10/13 2:32 p.m. · 15 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

CVSS 8.1 · AI score 7.5 · EPSS 0.00434
Exploits 0 · References 1
CVE
added 2023/10/13 2:32 p.m. · 46 views

CVE-2023-33303

Fortinet FortiEDR is affected: FortiEDR 5.0.0–5.0.1 suffers from insufficient session expiration, enabling an attacker to run unauthorized code or commands via API requests. The PT-2023-6014 entry notes the issue with no fixed version specified and recommends mitigating by restricting API access...

CVSS 8.1 · AI score 8.2 · EPSS 0.00434
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/10/13 2:32 p.m. · 21 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

CVSS 8.1 · AI score 8.5 · EPSS 0.00434
Exploits 0 · References 1
Positive Technologies
added 2023/10/13 12:00 a.m. · 4 views

PT-2023-6014 · Fortinet · Fortiedr

Name of the Vulnerable Software and Affected Versions: Fortinet FortiEDR versions 5.0.0 through 5.0.1. Description: The issue is related to insufficient session expiration in Fortinet FortiEDR, which can be exploited by an attacker to execute unauthorized code or commands via an API request. This...

CVSS 9.3 · AI score 8.2 · EPSS 0.00434
Exploits 0 · References 4
Cvelist
added 2023/10/09 10:41 a.m. · 28 views

CVE-2023-5333 Denial of Service via multiple identical User IDs in /api/v4/users/ids

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...

CVSS 4.3 · AI score 6.6 · EPSS 0.00493
Exploits 0 · References 1
NVD
added 2023/10/04 5:15 p.m. · 19 views

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

CVSS 8.6 · AI score 8.7 · EPSS 0.00612
Exploits 0 · References 1
Prion
added 2023/09/27 6:15 p.m. · 24 views

Improper access control

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

CVSS 6.4 · AI score 7.9 · EPSS 0.00483
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/09/27 5:20 p.m. · 11 views

CVE-2023-20223

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

CVSS 8.6 · AI score 8.6 · EPSS 0.00483
Exploits 0 · References 1
RedHat Linux
added 2023/09/20 3:43 p.m. · 28 views

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.8 · AI score 6.8 · EPSS 0.05994
Exploits 1 · References 8
Vulnrichment
added 2023/08/30 9:03 p.m. · 22 views

CVE-2023-41041 User session is still usable after logout in graylog2-server

Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...

CVSS 2.6 · AI score 6.7 · EPSS 0.00411
Exploits 1 · References 2
FreeBSD
added 2023/08/30 12:00 a.m. · 9 views

gitea -- missing permission checks

The Gitea team reports: "Fix missing check"; "Do some missing checks". By crafting an API request, attackers can access the contents of issues even though the logged-in user does not have access rights to these issues...

AI score 7.3
Exploits 0 · References 1
NVD
added 2023/06/26 8:15 p.m. · 28 views

CVE-2023-33176

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are vulnerable to Server-Side Request Forgery (SSRF). In an insertDocument API request the user is able to supply a URL from which the presentation should be...

CVSS 6.5 · AI score 5.3 · EPSS 0.00388
Exploits 0 · References 5
Veracode
added 2023/04/10 2:25 a.m. · 849 views

Server-side Request Forgery (SSRF)

github.com/darklynx/request-baskets is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists due to improper validation in the /api/baskets/name path, allowing an admin-authenticated attacker to access network resources and sensitive information via a maliciously crafted AP...

CVSS 6.5 · AI score 6 · EPSS 0.07497
Exploits 29 · References 7 · Affected Software 1