1431 matches found

OSV · added 2024/11/06 5:15 p.m. · 1 view

CVE-2024-20527

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · AI score 5.9
Exploits: 0 · References: 1
PyPA · added 2024/11/06 3:15 p.m. · 6 views

PYSEC-2024-238

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints includ...

CVSS 10 · AI score 7 · EPSS 0.73908
Exploits: 0 · References: 1 · Affected software: 1
SUSE CVE · added 2024/11/06 3:56 a.m. · 2 views

SUSE CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

CVSS 7.5 · AI score 6.8 · EPSS 0.44505
Exploits: 2 · References: 3
Positive Technologies · added 2024/11/06 12:00 a.m. · 3 views

PT-2024-8001 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.16
Description: The issue is related to incorrect access control in the GLPI system, which can allow a remote attacker to exploit the vulnerability and potentially disclose confidential information. A technici...

CVSS 10 · AI score 7.4 · EPSS 0.28839
Exploits: 9 · References: 78
PyPA · added 2024/11/05 7:15 p.m. · 6 views

PYSEC-2024-202

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

CVSS 6.5 · AI score 6.4 · EPSS 0.00103
Exploits: 0 · References: 1 · Affected software: 1
OSV · added 2024/11/04 1:17 p.m. · 2 views

CVE-2024-51559

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...

CVSS 6.5 · AI score 5.8 · EPSS 0.00394
Exploits: 0 · References: 1
Positive Technologies · added 2024/11/04 12:00 a.m. · 3 views

PT-2024-34701 · Wave · Wave

Name of the Vulnerable Software and Affected Versions: Wave 2.0
Description: This issue is due to missing restrictions for excessive failed authentication attempts on the API-based login. A remote attacker could exploit this by conducting a brute force attack against legitimate user OTP, MPIN, or...

CVSS 9.8 · AI score 7.5 · EPSS 0.01587
Exploits: 0 · References: 7
Positive Technologies · added 2024/11/04 12:00 a.m. · 2 views

PT-2024-34699 · Wave · Wave

Name of the Vulnerable Software and Affected Versions: Wave version 2.0
Description: The issue arises from insufficient encryption of sensitive data received at the API response, allowing an authenticated remote attacker to exploit it by manipulating API input parameters. This could lead to...

CVSS 7.1 · AI score 6.4 · EPSS 0.00112
Exploits: 0 · References: 6
CNNVD · added 2024/11/04 12:00 a.m. · 2 views

Brokerage Wave security vulnerability

Brokerage Wave is a frontend product from Brokerage, Inc. A security vulnerability exists in Brokerage Wave version 2.0, which stems from a lack of limitations on too many failed authentication attempts for API-based logins, which could allow an attacker to cause unauthorized access by brute-forc...

CVSS 9.8 · AI score 6.8 · EPSS 0.01587
Exploits: 0 · References: 1
Positive Technologies · added 2024/10/24 12:00 a.m. · 2 views

PT-2024-33280 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier
Description: The issue allows unauthenticated users to access sensitive information, such as usernames, through the API endpoint http:///v1/users/name without any authorization. This could be exploited by an...

CVSS 5.3 · AI score 6.5 · EPSS 0.00472
Exploits: 1 · References: 5
CNNVD · added 2024/10/11 12:00 a.m. · 2 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab version 11.4 up to and including...

CVSS 4.3 · AI score 6.6 · EPSS 0.00087
Exploits: 1 · References: 4
CNNVD · added 2024/10/10 12:00 a.m. · 1 view

JetBrains YouTrack security vulnerability

JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from an improp...

CVSS 5.4 · AI score 6.5 · EPSS 0.00003
Exploits: 0 · References: 2
CNNVD · added 2024/10/07 12:00 a.m. · 2 views

VegaBird Vooki security vulnerability

VegaBird Vooki is a free web application vulnerability scanning tool from VegaBird Open Source that helps users to scan any web application and find vulnerabilities. Vooki consists of three main parts: a web application scanner, a Rest API scanner, and a reporting feature. VegaBird Vooki version...

CVSS 9.8 · AI score 7.7 · EPSS 0.00612
Exploits: 1 · References: 4
CNNVD · added 2024/10/04 12:00 a.m. · 1 view

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from the fact that even though API...

CVSS 5.3 · AI score 6.7 · EPSS 0.00685
Exploits: 1 · References: 3
CNNVD · added 2024/10/04 12:00 a.m. · 2 views

Shilpi Client Dashboard security vulnerability

Shilpi Client Dashboard is a centralized dashboard from Shilpi. A security vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0 that stems from a lack of authorization to modify and cancel requests via certain API endpoints, which could result in unauthorized modification of...

CVSS 7.1 · AI score 6.4 · EPSS 0.00104
Exploits: 0 · References: 2
Positive Technologies · added 2024/10/04 12:00 a.m. · 3 views

PT-2024-32710 · Unknown · Shilpi Client Dashboard

Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard, affected versions not specified
Description: This issue exists due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this by including multiple userid...

CVSS 7.1 · AI score 6.8 · EPSS 0.00145
Exploits: 0 · References: 9
Positive Technologies · added 2024/09/30 12:00 a.m. · 2 views

PT-2024-32382 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.19.0
Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...

CVSS 6.3 · AI score 7.1 · EPSS 0.00936
Exploits: 0 · References: 6
Positive Technologies · added 2024/09/26 12:00 a.m. · 2 views

PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions:
Nextcloud Server versions prior to 28.0.11
Nextcloud Server versions prior to 29.0.8
Nextcloud Server versions prior to 30.0.1
Nextcloud Enterprise Server versions prior to 25.0.13.13
Nextcloud Enterprise Server versions prior to 26.0.13.9...

CVSS 9.8 · AI score 5.5 · EPSS 0.00824
Exploits: 6 · References: 96
OSV · added 2024/09/23 7:15 a.m. · 0 views

UBUNTU-CVE-2024-8606

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

CVSS 9.2 · AI score 5.8 · EPSS 0.00098
Exploits: 0 · References: 3
CNNVD · added 2024/09/19 12:00 a.m. · 1 view

Apex Softcell LD DP Back Office security vulnerability

Apex Softcell LD DP Back Office is an application from Apex Softcell. Apex Softcell LD DP Back Office has a security vulnerability that stems from improper implementation of the OTP authentication mechanism in certain API endpoints...

CVSS 8.7 · AI score 7 · EPSS 0.00131
Exploits: 0 · References: 2