UBUNTU-CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

WordPress Ultimate Endpoints With Rest Api plugin <= 2.2.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Ultimate Endpoints With Rest Api versions = 2.2.2...

ROS-20241212-04

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-02

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-24

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-22

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

UBUNTU-CVE-2024-47760

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

GLPI 访问控制错误漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

GLPI 访问控制错误漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

PT-2024-13527 · It Path Solutions · It Path Solutions Contact Form To Any Api

Name of the Vulnerable Software and Affected Versions: IT Path Solutions Contact Form to Any API versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels...

zhmcclient 安全漏洞

zhmcclient is a server interface to the zhmcclient open source. A security vulnerability exists in zhmcclient that stems from the fact that under certain circumstances, zhmcclient writes password-like attributes in plaintext to its HMC and API logs...

Vulnerability fixed in Zabbix

A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...

DEBIAN-CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...

UBUNTU-CVE-2024-36467

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

CVE-2024-50365

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

Fides 安全漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides that stems from a user invitation to accept an...

tuned 安全漏洞

tuned is tuned open source server-side program for a dynamic system tuning tool. The program is mainly used to monitor and collect data from various system components, and dynamically adjust system settings based on the information provided by the data. A security vulnerability exists in tuned,...

PT-2024-9293 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.2.4 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1 Description: A denial of service DoS condition was discovered in GitLab CE/EE. This issue is related to inefficien...

CVE-2020-26073

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application...

Incognito Service Activation Center 安全漏洞

Incognito Service Activation Center Incognito SAC is a cloud-native solution from Incognito that automates the delivery of intent-based IP services through any access technology and simplifies back-end processes to reduce operational expenses. A security vulnerability exists in Incognito Service...