Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview openshift-origin-controller is a The OpenShift Origin Controller is a Rails plugin which provides the models and controllers which implement the application and user management functionality and provides a REST API. Affected versions of this package are vulnerable to Improper...

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from a security vulnerability that could be exploited by an attack...

CVE-2022-20747

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker cou...

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...

Cisco Iox 路径遍历漏洞

Cisco Iox is a secure development environment from Cisco that combines Cisco IOS and Linux OS for secure network connectivity and development of IOT applications. The Cisco Iox application hosting environment suffers from a path traversal vulnerability that stems from insufficient path validation...

aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. The aEnrich a+HRD has a security vulnerability that allows an unauthenticated, remote attacker to control the system or disrupt services by uploading and executing malicious scripts using API functions...

CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

PT-2022-10154 · Unknown · Mdt Autosave

Name of the Vulnerable Software and Affected Versions: MDT AutoSave versions prior to v6.02.06 Description: An issue exists where an attacker could leverage an API to pass a malicious file, manipulating the process creation command line and potentially running a command line argument. This could...

CVE-2022-27851

Cross-Site Request Forgery CSRF in Use Any Font WordPress plugin = 6.1.7 allows an attacker to deactivate the API key...

CVE-2022-27919

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

PT-2022-16851 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.8.2 Description: The issue is a result of improper API route checking, allowing modification of customers and creation of orders without App Permission. This affects Shopware, an open commerce platform based on...

PT-2022-1785 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and web-based management interfaces of the affected devices...

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

Aruba AOS-CX 跨站脚本漏洞

Aruba AOS-CX is a modern programmable network from Aruba, USA. The Aruba OS AOS-CX suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping of user-submitted parameters in the software. An attacker can trigger cross-site scripting in AOS-CX via the...

Portainer 代码问题漏洞

A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...

CVE-2022-23858

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...

UBUNTU-CVE-2022-21248

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

CVE-2021-37867

Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure...