1445 matches found

CNNVD
added 2024/10/10 12:00 a.m. · 2 views

JetBrains YouTrack security vulnerability

JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from an improp...

CVSS 5.4 · AI score 6.5 · EPSS 0.00363
Exploits: 0 · References: 2
CNNVD
added 2024/10/07 12:00 a.m. · 4 views

VegaBird Vooki security vulnerability

VegaBird Vooki is a free web application vulnerability scanning tool from VegaBird Open Source that helps users to scan any web application and find vulnerabilities. Vooki consists of three main parts: a web application scanner, a Rest API scanner, and a reporting feature. VegaBird Vooki version...

CVSS 9.8 · AI score 7.7 · EPSS 0.00716
Exploits: 1 · References: 4
Positive Technologies
added 2024/10/04 12:00 a.m. · 3 views

PT-2024-32710 · Unknown · Shilpi Client Dashboard

Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard (affected versions not specified). Description: This issue exists due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this by including multiple userid...

CVSS 7.1 · AI score 6.8 · EPSS 0.00426
Exploits: 0 · References: 9
CNNVD
added 2024/10/04 12:00 a.m. · 3 views

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from the fact that even though API...

CVSS 5.3 · AI score 6.7 · EPSS 0.00441
Exploits: 1 · References: 3
CNNVD
added 2024/10/04 12:00 a.m. · 3 views

Shilpi Client Dashboard security vulnerability

Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0 that stems from a lack of authorization to modify and cancel requests via certain API endpoints, which could result in unauthorized modification of...

CVSS 7.1 · AI score 6.4 · EPSS 0.00332
Exploits: 0 · References: 2
BDU FSTEC
added 2024/10/03 12:00 a.m. · 5 views

A vulnerability in an application programming interface endpoint of the Grafana monitoring and observation platform allows an attacker to escalate their privileges.

The vulnerability of the application programming interface of the Grafana monitoring and observation platform allows an attacker to escalate their privileges. This vulnerability is related to insufficient spatial separation. Exploiting this vulnerability could enable a remote attacker to...

CVSS 4.6 · AI score 6.5 · EPSS 0.97781
Exploits: 9 · References: 5 · Affected Software: 2
Positive Technologies
added 2024/09/30 12:00 a.m. · 3 views

PT-2024-32382 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.19.0. Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...

CVSS 6.3 · AI score 7.1 · EPSS 0.00285
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/26 12:00 a.m. · 5 views

PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11; Nextcloud Server versions prior to 29.0.8; Nextcloud Server versions prior to 30.0.1; Nextcloud Enterprise Server versions prior to 25.0.13.13; Nextcloud Enterprise Server versions prior to 26.0.13.9...

CVSS 9.8 · AI score 5.5 · EPSS 0.01041
Exploits: 6 · References: 96
OSV
added 2024/09/23 7:15 a.m. · 0 views

UBUNTU-CVE-2024-8606

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

CVSS 9.2 · AI score 5.8 · EPSS 0.00446
Exploits: 0 · References: 3
CNNVD
added 2024/09/19 12:00 a.m. · 3 views

Apex Softcell LD DP Back Office security vulnerability

Apex Softcell LD DP Back Office is an application from Apex Softcell. Apex Softcell LD DP Back Office has a security vulnerability that originates from improper validation of certain parameters "cCdslClicentcode" and "cLdClientCode". The vulnerability stems from improper validation of certain...

CVSS 8.7 · AI score 6.6 · EPSS 0.0043
Exploits: 0 · References: 2
OSV
added 2024/09/11 12:15 p.m. · 2 views

CVE-2024-45786

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive...

CVSS 6.5 · AI score 5.8 · EPSS 0.00391
Exploits: 0 · References: 1
CNNVD
added 2024/09/11 12:00 a.m. · 2 views

Reedos aiM-Star security vulnerability

Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1, which stems from the lack of a restriction on excessive failed authentication attempts for API-based logins, which could lead to unauthorized access an...

CVSS 9.8 · AI score 6.8 · EPSS 0.00564
Exploits: 0 · References: 2
CNNVD
added 2024/09/10 12:00 a.m. · 3 views

AXIS OS security vulnerability

AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 6.50 through 11.10, which stems from the Guard Tour VAPIX API parameter that allows the use of arbitrary values...

CVSS 6.5 · AI score 6.9 · EPSS 0.00391
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/09 12:00 a.m. · 4 views

PT-2024-31221 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.1. Description: A Server-Side Request Forgery (SSRF) issue was discovered in SeaCMS. This issue occurs via the url parameter at the "/admin reslib.php" API endpoint. Recommendations: For SeaCMS version 13.1, as a temporary...

CVSS 9.8 · AI score 7 · EPSS 0.00611
Exploits: 1 · References: 7
CNNVD
added 2024/09/09 12:00 a.m. · 4 views

TechExcel Back Office Software security vulnerability

TechExcel Back Office Software is a back office software from TechExcel, Inc. A security vulnerability exists in versions of TechExcel Back Office Software prior to 1.0.0 that stems from improper access control on certain API endpoints and could allow an authenticated, remote attacker to gain...

CVSS 8.7 · AI score 6.6 · EPSS 0.00485
Exploits: 0 · References: 2
BDU FSTEC
added 2024/09/06 12:00 a.m. · 5 views

A vulnerability in the Cisco Smart License Utility software discloses information through registration files, allowing an attacker to gain unauthorized access to confidential information and unauthorized access to the API.

The vulnerability of the Cisco Smart License Utility software relates to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to confidential information and to obtain unauthorized access to...

CVSS 10 · AI score 8.1 · EPSS 0.9201
Exploits: 0 · References: 6 · Affected Software: 1
CNNVD
added 2024/09/05 12:00 a.m. · 4 views

SuiteCRM security vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from insufficient access control checks. An attacker exploited the vulnerability to delete records via the API...

CVSS 7.7 · AI score 6.6 · EPSS 0.00278
Exploits: 0 · References: 3
CNNVD
added 2024/09/05 12:00 a.m. · 3 views

Trellix IPS Manager security vulnerability

Trellix IPS Manager is a next-generation IPS for local and virtual networks from FireEye Trellix USA. A security vulnerability exists in Trellix IPS Manager that originates from allowing an unauthenticated remote attacker to bypass authentication and gain access to the manager's API...

CVSS 7.5 · AI score 7 · EPSS 0.00361
Exploits: 0 · References: 2
CNNVD
added 2024/09/03 12:00 a.m. · 2 views

Symphony XTS Web Trader security vulnerability

Symphony XTS Web Trader is an advanced HTML5-based trading platform from Symphony. A security vulnerability exists in Symphony XTS Web Trader version 2.0.0.1P160 that stems from improper access control to the API. A remote attacker can exploit the vulnerability to manipulate parameters via HTTP...

CVSS 9.1 · AI score 6.3 · EPSS 0.00363
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/03 12:00 a.m. · 4 views

PT-2024-31691 · Unknown · Symphony Xts Web Trading

Name of the Vulnerable Software and Affected Versions: Symphony XTS Web Trading version 2.0.0.1 P160. Description: This issue exists due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this by manipulating parameters...

CVSS 9.1 · AI score 6.8 · EPSS 0.00363
Exploits: 0 · References: 7