The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

CVE-2023-49241

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...

The vulnerability of the application programming interface of the WordPress website management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the WordPress website content management system’s application interface is related to insufficient protection of sensitive data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information...

Zulip security vulnerability

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.5 that stems from the fact that an active user who previously subscrib...

CVE-2023-36553

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to...

Click Studios Passwordstate Security Breach

Click Studios Passwordstate passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...

UBUNTU-CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

Lenovo XClarity Controller SQL Injection Vulnerability

Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. Lenovo XClarity Controller suffers from a SQL injection vulnerability that originates from an authenticated XCC user with elevated...

Apache Airflow 信息泄露漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...

The vulnerability of the application programming interface of the Oracle Enterprise Command Center Framework, a system for automating business operations in enterprises, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application software interface implementation of the Oracle Enterprise Command Center Framework of the Oracle E-Business Suite system for enterprise automation activities is related to insufficient verification of input data. Exploiting this vulnerability can allow an...

CVE-2023-43118

Cross Site Request Forgery CSRF vulnerability in Chalet application in Extreme Networks Switch Engine EXOS before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API...

Fortinet FortiEDR 代码问题漏洞

Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet. Fortinet FortiEDR suffers from an Access Control Error vulnerability that stems from insufficient handling of session expiration times, which can be exploited by an attacker to execute unauthorized code or...

PT-2023-29102 · Unknown · Fwk-Display

Name of the Vulnerable Software and Affected Versions: Fwk-Display module affected versions not specified Description: The issue concerns an API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally...

CVE-2023-34992

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

PT-2023-6001 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: FortiSIEM versions 6.4.0 through 6.4.2 FortiSIEM versions 6.5.0 through 6.5.1 FortiSIEM versions 6.6.0 through 6.6.3 FortiSIEM versions 6.7.0 through 6.7.5 FortiSIEM version 7.0.0 Description: The issue is related to an improper neutralizatio...

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.

The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...

CVE-2023-20223

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...