
1432 matches found

CNNVD
added 2024/09/19 12:0 a.m. · 1 view

Apex Softcell LD DP Back Office Security Vulnerability

Apex Softcell LD DP Back Office is an application from Apex Softcell. Apex Softcell LD DP Back Office has a security vulnerability that stems from improper implementation of the OTP authentication mechanism in certain API endpoints...

CVSS 8.7 · AI score 7 · EPSS 0.00131
Exploits 0 · References 2
CNNVD
added 2024/09/19 12:0 a.m. · 1 view

Apex Softcell LD DP Back Office Security Vulnerability

Apex Softcell LD DP Back Office is an application from Apex Softcell. Apex Softcell LD DP Back Office has a security vulnerability that originates from improper validation of certain parameters "cCdslClicentcode" and "cLdClientCode". The vulnerability stems from improper validation of certain...

CVSS 8.7 · AI score 6.6 · EPSS 0.00145
Exploits 0 · References 2
OSV
added 2024/09/11 12:15 p.m. · 1 view

CVE-2024-45786

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through the API request URL, which could lead to unauthorized access to sensitive...

CVSS 6.5 · AI score 5.8 · EPSS 0.00142
Exploits 0 · References 1
CNNVD
added 2024/09/11 12:0 a.m. · 2 views

Reedos aiM-Star Security Vulnerability

Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1, which stems from the lack of a restriction on excessive failed authentication attempts for API-based logins, which could lead to unauthorized access an...

CVSS 9.8 · AI score 6.8 · EPSS 0.00833
Exploits 0 · References 2
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 6.50 through 11.10, which stems from the Guard Tour VAPIX API parameter that allows the use of arbitrary values...

CVSS 6.5 · AI score 6.9 · EPSS 0.00127
Exploits 0 · References 2
Positive Technologies
added 2024/09/09 12:0 a.m. · 2 views

PT-2024-31221 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.1 Description: A Server-Side Request Forgery (SSRF) issue was discovered in SeaCMS. This issue occurs via the url parameter at the "/admin reslib.php" API endpoint. Recommendations: For SeaCMS version 13.1, as a temporary...

CVSS 9.8 · AI score 7 · EPSS 0.0035
Exploits 1 · References 7
CNNVD
added 2024/09/09 12:0 a.m. · 3 views

TechExcel Back Office Software Security Vulnerability

TechExcel Back Office Software is a back office software from TechExcel, Inc. A security vulnerability exists in versions of TechExcel Back Office Software prior to 1.0.0 that stems from improper access control on certain API endpoints and could allow an authenticated, remote attacker to gain...

CVSS 8.7 · AI score 6.6 · EPSS 0.00076
Exploits 0 · References 2
CNNVD
added 2024/09/05 12:0 a.m. · 2 views

Trellix IPS Manager Security Vulnerability

Trellix IPS Manager is a next-generation IPS for local and virtual networks from FireEye Trellix USA. A security vulnerability exists in Trellix IPS Manager that originates from allowing an unauthenticated remote attacker to bypass authentication and gain access to the manager's API...

CVSS 7.5 · AI score 7 · EPSS 0.00079
Exploits 0 · References 2
CNNVD
added 2024/09/05 12:0 a.m. · 2 views

SuiteCRM Security Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from insufficient access control checks. An attacker exploited the vulnerability to delete records via the API...

CVSS 7.7 · AI score 6.6 · EPSS 0.00094
Exploits 0 · References 3
Positive Technologies
added 2024/09/03 12:0 a.m. · 2 views

PT-2024-31691 · Unknown · Symphony Xts Web Trading

Name of the Vulnerable Software and Affected Versions: Symphony XTS Web Trading version 2.0.0.1 P160 Description: This issue exists due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this by manipulating parameters...

CVSS 9.1 · AI score 6.8 · EPSS 0.00157
Exploits 0 · References 7
CNNVD
added 2024/09/03 12:0 a.m. · 1 view

Symphony XTS Web Trader Security Vulnerability

Symphony XTS Web Trader is an advanced HTML5-based trading platform from Symphony. A security vulnerability exists in Symphony XTS Web Trader version 2.0.0.1P160 that stems from improper access control to the API. A remote attacker can exploit the vulnerability to manipulate parameters via HTTP...

CVSS 9.1 · AI score 6.3 · EPSS 0.00157
Exploits 0 · References 2
Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-29379 · Organizr · Organizr

Name of the Vulnerable Software and Affected Versions: Organizr version 1.90 Description: The issue is related to Cross-Site Scripting (XSS) via the "api.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users' sessions. Recommendations: Fo...

CVSS 6.1 · AI score 6.1 · EPSS 0.00361
Exploits 1 · References 8
CNNVD
added 2024/08/22 12:0 a.m. · 2 views

authentik Security Vulnerability

authentik is an open source identity provisioning application from authentik Open Source. A security vulnerability exists in authentik versions prior to 2024.6.4 and prior to 2024.4.4 that stems from a user accessing multiple API endpoints without proper authentication/authorization...

CVSS 7.5 · AI score 6.4 · EPSS 0.02987
Exploits 0 · References 5
CNNVD
added 2024/08/20 12:0 a.m. · 1 view

Umbraco Security Vulnerability

Umbraco is an open source content management system (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco versions prior to 14.1.2, which stems from the fact that certain endpoints in the management API can return stack trace information even if Umbraco is not...

CVSS 5.3 · AI score 6.2 · EPSS 0.00494
Exploits 0 · References 3
SUSE CVE
added 2024/08/13 1:42 a.m. · 1 view

SUSE CVE-2024-43167

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet...

CVSS 2.8 · AI score 6.3 · EPSS 0.00024
Exploits 0 · References 5
CNNVD
added 2024/08/13 12:0 a.m. · 1 view

SAP Commerce Cloud Information Disclosure Vulnerability

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...

CVSS 9.1 · AI score 6.1 · EPSS 0.00572
Exploits 0 · References 4
CNNVD
added 2024/08/08 12:0 a.m. · 1 view

Shopware Security Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the search function in its application API, where the name field in the aggregations object is susceptib...

CVSS 9.8 · AI score 7.3 · EPSS 0.00817
Exploits 0 · References 6
CNNVD
added 2024/08/06 12:0 a.m. · 3 views

PrivX Security Vulnerability

SSH PrivX is a scalable, cost-effective and highly automated privileged access management (PAM) solution from SSH. A security vulnerability exists in PrivX versions prior to 34.0 that stems from allowing data leakage and denial of service via the REST API...

CVSS 9.1 · AI score 6.5 · EPSS 0.00433
Exploits 1 · References 3
Positive Technologies
added 2024/07/31 12:0 a.m. · 3 views

PT-2024-11622 · Motorola · Q14 Mesh Router Firmware

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...

CVSS 7.3 · AI score 7.2 · EPSS 0.0006
Exploits 0 · References 3
Akamai Blog
added 2024/07/30 1:0 p.m. · 7 views

Why (and How) APIs and Web Applications Are Under Siege

Read a summary of the latest SOTI report, which tackles the security risks in web applications and APIs, and the infrastructure that powers them...

AI score 7.4
Exploits 0