CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

WordPress Plugin LearnDash LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-16192 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A problematic issue has been found, affecting the function agent of the file /application/index/controller/Datament.php. The manipulation of the api argument leads to information disclosure. This issue...

The vulnerability of the application programming interface of the Splunk Enterprise platform for operational analysis allows a perpetrator to delete data from the KV Store.

The vulnerability of the application programming interface of the Splunk Enterprise platform for operational analysis is related to deficiencies in access control to the KV Store. Exploiting this vulnerability could allow a malicious actor to delete data from the KV Store...

VulnCheck KEV: CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

QSIGE Security Vulnerabilities

QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

Plotly.js Security Vulnerability

Plotly.js is Plotly open source an independent Javascript data visualization library . Plotly.js version before 2.25.2 has a security vulnerability , the vulnerability stems from a prototype contamination problem in the API call...

PT-2023-32722 · WordPress · Essential Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks WordPress plugin versions prior to 4.4.3 Description: The issue allows unauthenticated attackers to overwrite local variables when rendering templates over the REST API, potentially leading to Local File Inclusion attacks...

PT-2023-9808

Name of the Vulnerable Software and Affected Versions Proxmox Virtual Environment versions 8.2.2 and earlier Description The issue is related to insufficient safeguards against malicious API response values in Proxmox Virtual Environment, allowing authenticated attackers with 'Sys.Audit' or...

Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An Access Control Error vulnerability exists in Nextcloud Server, which stems from the ability to delete and modify workflows by bypassing calls sent direct...

CVE-2023-27319

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 121, which stems from a lack of exception handling in TypedArray, leading to abuse of other APIs...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

PT-2023-32783 · Microweber · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0 Description: A vulnerability has been identified in microweber where users can exploit business logic errors to obtain items at a lower price. This occurs when the admin disables the use of the coup...

CVE-2023-6758

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit...

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a command injection vulnerability that stems from a failure to properly filter construct command special characters, commands, etc. in the XML API. An attacker cou...