The vulnerability of the application software interface for Active Directory Domain Services on the Windows operating system allows a perpetrator to cause a service failure.
The vulnerability of the Active Directory Domain Services application programming interface for the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Github saleor security vulnerability
Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Github saleor suffers from a security vulnerability that stems from some internal exceptions that are not handled correctly...
SUSE CVE-2010-4091
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption,...
SUSE CVE-2017-7557
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...
SUSE CVE-2017-1000388
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...
SUSE CVE-2021-23975
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...
SUSE CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...
CVE-2022-48302
The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality...
PT-2023-15554 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.3.0 Description: Insufficient privilege verification allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. The issue has been corrected so that only agents with write...
Zammad security vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version v5.3.0, which stems from insufficient privilege validation, and can be exploited by an attacker to make changes to the labels of its customers' tickets using the Zamma...
CVE-2022-26872
AMI Megarac Password reset interception via API...
PT-2023-1336 · Ami · Ami Megarac
Name of the Vulnerable Software and Affected Versions: AMI MegaRAC affected versions not specified Description: The issue is related to insufficient password hash computation in the Redfish and API components of the AMI MegaRAC firmware. This could allow a remote attacker to gain unauthorized...
GHSA-Q764-G6FM-555V Path traversal in spotipy
Summary If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. Details The code Spotipy uses to parse URIs and URLs accepts user data too liberally which allows a malicious user to insert arbitrary characters...
API Mediation Layer authorization vulnerability
The API Mediation Layer is an API mediation layer that provides a single access point to the Mainframe Services REST API. A security vulnerability exists in API Mediation Layer versions 1.16 through 1.19. An attacker exploiting this vulnerability could manipulate JWT tokens without knowing the JW...
PT-2023-14418 · Ge Grid Solutions · Fc46-Webbridge
Name of the Vulnerable Software and Affected Versions: FC46-WebBridge on GE Grid Solutions MS3000 devices, versions prior to 3.7.6.25p0, 3.2.2.17p0, 4.7p0 Description: An issue was discovered that allows direct access to the API on TCP port 8888 via programs located in the cgi-bin folder without any...
firefly-iii authorization vulnerability
firefly-iii is a free and open source personal finance manager. A vulnerability with authorization issues exists in versions of firefly-iii prior to 5.8.0, which stems from its API failing to properly check authorization...
PT-2023-14738 · Unknown · Doctor Appointment Management System
Name of the Vulnerable Software and Affected Versions: Doctor Appointment Management System version 1.0.0 Description: The issue is related to a cross-site scripting XSS vulnerability. Cross-site scripting is a type of security vulnerability that occurs when an attacker is able to inject maliciou...
aEnrich a+HRD authorization vulnerability
aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from an incorrect login authentication feature in its a+HRD allowing an unauthenticated, remote attacker to bypass authentication and gain access to...
memos access control error vulnerability
memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to view any content in a private memo from another user via the api...
memos security vulnerability
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to delete all notes across the application via the API...