1082 matches found

Positive Technologies
added 2023/03/08 12:0 a.m. · 4 views

PT-2023-19776 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the id parameter at the "/databases/table/list" API endpoint. Recommendations: For Funadmin version 3.2.0, consider restricting...

CVSS 9.8 · AI score 9.4 · EPSS 0.00741
Exploits: 1 · References: 7

Wordfence Blog
added 2023/03/07 7:9 p.m. · 21 views

Wordfence Intelligence: Because Community Created Vulnerabilities Are Community Property

Last August, at Black Hat 2022 in Las Vegas, we launched Wordfence Intelligence, a product designed to provide large enterprise customers with rich IP threat data, malware signatures, malware hashes, and vulnerability data to help keep enterprise customers and networks secure. Our mission at...

AI score 0.8
Exploits: 0

CNNVD
added 2023/03/07 12:0 a.m. · 11 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that...

CVSS 5.3 · AI score 5.7 · EPSS 0.00786
Exploits: 0 · References: 5

Vulnrichment
added 2023/03/07 12:0 a.m. · 6 views

CVE-2022-46257 Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

AI score 6.4 · EPSS 0.00566
Exploits: 0 · References: 4

Qualys Blog
added 2023/03/02 12:5 p.m. · 30 views

Qualys VMDR & Jira Integration Now Available

The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate Cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are in start of March the...

AI score 0.6
Exploits: 0

Positive Technologies
added 2023/02/16 12:0 a.m. · 5 views

PT-2023-13000 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.0 through 7.0.1 FortiWeb versions 6.1 FortiWeb versions 6.2 FortiWeb versions 6.3.0 through 6.3.19 FortiWeb versions 6.4 Description: A path traversal issue in the API of FortiWeb may allow an authenticated attacker to...

CVSS 5.3 · AI score 4.4 · EPSS 0.00474
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:33 a.m. · 2 views

SUSE CVE-2022-1708

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

CVSS 6.8 · AI score 6.7 · EPSS 0.02785
Exploits: 1 · References: 9

NVD
added 2023/02/06 2:15 p.m. · 16 views

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...

CVSS 8.8 · AI score 8.9 · EPSS 0.01046
Exploits: 1 · References: 3

Vulnrichment
added 2023/02/06 12:0 a.m. · 13 views

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...

AI score 7.7 · EPSS 0.01046
Exploits: 1 · References: 3

OSV
added 2023/01/17 9:15 p.m. · 1 views

CVE-2022-43976

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication...

CVSS 9.8 · AI score 5.8 · EPSS 0.00704
Exploits: 0 · References: 1

CNNVD
added 2023/01/17 12:0 a.m. · 2 views

GE Grid Solutions MS3000 security vulnerability

GE Grid Solutions MS3000 is a transformer monitoring system from GE Grid Solutions, France. A security vulnerability exists in the GE Grid Solutions MS3000 versions prior to 3.7.6.25p03.2.2.17p04.7p0, which stems from the ability to directly access the API on TCP port 8888 without any...

CVSS 9.8 · AI score 8.4 · EPSS 0.00704
Exploits: 0 · References: 2

Vulnrichment
added 2023/01/17 12:0 a.m. · 5 views

CVE-2022-43976

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication...

AI score 7 · EPSS 0.00704
Exploits: 0 · References: 1

CNNVD
added 2023/01/14 12:0 a.m. · 3 views

KubeOperator authorization issue vulnerability

KubeOperator is an open source, lightweight Kubernetes distribution focused on helping organizations plan, deploy, and operate production-grade K8s clusters. An authorization issue vulnerability exists in KubeOperator versions prior to 3.16.4, which stems from the API interacting with an...

CVSS 9.8 · AI score 8.3 · EPSS 0.66768
Exploits: 0 · References: 4

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-18530 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.4 Description: The issue allows unauthorized access to system API interfaces, potentially leaking sensitive information. This is due to a flaw in how online applications handle routing permissions. There are no...

CVSS 7.5 · AI score 7 · EPSS 0.03573
Exploits: 0 · References: 9

OSV
added 2023/01/03 3:15 a.m. · 2 views

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

CVSS 9.8 · AI score 5.9 · EPSS 0.01454
Exploits: 0 · References: 1

Prion
added 2023/01/03 3:15 a.m. · 14 views

Authentication flaw

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

CVSS 7.5 · AI score 9.8 · EPSS 0.01454
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/01/03 12:0 a.m. · 4 views

PT-2023-13675 · Unknown · Aenrich A+Hrd

Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD affected versions not specified Description: The issue is related to improper validation for the login function. An unauthenticated remote attacker can exploit this to bypass authentication and access API functions, allowing the...

CVSS 9.8 · AI score 9.7 · EPSS 0.01454
Exploits: 0 · References: 3

Vulnrichment
added 2023/01/03 12:0 a.m. · 6 views

CVE-2022-39042 aEnrich a+HRD - Improper Authentication

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

CVSS 9.8 · AI score 7.7 · EPSS 0.01454
Exploits: 0 · References: 1

Vulnrichment
added 2023/01/02 9:49 p.m. · 5 views

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

AI score 5.3 · EPSS 0.00671
Exploits: 2 · References: 1

Positive Technologies
added 2022/12/19 12:0 a.m. · 3 views

PT-2022-28075 · Apiman · Apiman

Name of the Vulnerable Software and Affected Versions: Apiman versions 1.5.7 through 2.2.3.Final Description: The issue is caused by insufficient checks for read permissions within the Apiman Manager REST API, allowing a malicious user to access private APIs they do not have permission for. This ...

CVSS 7.1 · AI score 6 · EPSS 0.00604
Exploits: 0 · References: 12