WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Broken Access Control on API vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Master Addons for Elementor versions = 2.0.5.4.1...

DRUPAL-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...

PT-2024-3967 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.2 Description: The issue is related to insufficient authorization procedures in JetBrains TeamCity, a continuous integration and continuous delivery CI/CD system. This allows a remote attacker to...

Nautobot 安全漏洞

Nautobot is a web automation platform by the individual developers of Nautobot. Nautobot has a security vulnerability that stems from a mismanagement of privileges vulnerability in the Nautobot dynamic-group-members UI and REST API. Affected products and versions: Nautobot versions 1.3.0 through...

CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

Aruba Networks ArubaOS 和 InstantOS 安全漏洞

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...

PT-2024-24114 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...

Cyber Power Systems PowerPanel Enterprise 安全漏洞

Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy usage trends. A security vulnerability previously existed in Cyber Power Systems PowerPanel Enterprise v2.8.3, which stemmed from an...

Directus 信息泄露漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 10.11.0 that stems from the ability to edit data extracts on the API...

PT-2024-24113 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3167 Improper handling of data in Mail CWE-231 - CVE-2024-31397 CyVDB-3221 Improper restriction on the output of some API CWE-201 - CVE-2024-31398 CyVDB-3238 Excessive resource consumption in Mai...

F5 BIG-IP SQL注入漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A SQL injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to send crafted...

Open-Xchange App Suite 安全漏洞

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite version 8.21 and earlier, which stems from a cross-site scripting XSS vulnerability that originates from the presence of a cross-site...

CVE-2024-33513

Unauthenticated Denial-of-Service DoS vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.3.0, which stems from a user with customer access rights to a ticket being able to access the ticket's time statistic details via the API...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from an inability to remove detailed error messages from API requests. An attacker could exploit this vulnerability to obtain...

Siemens SINEC NMS 路径遍历漏洞

Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS versions...

CVE-2023-52541

Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

PT-2024-14549 · Unknown · Activitymanagerservice

Name of the Vulnerable Software and Affected Versions: ActivityTaskManagerService module affected versions not specified Description: The issue concerns a vulnerability of permission verification in some APIs within the ActivityTaskManagerService module. Successful exploitation of this...

PT-2024-2667

Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 11.1.14 and 12.3.5 Description A command injection vulnerability has been identified in Flowmon, allowing an unauthenticated user to gain entry to the system via the management interface and execute arbitrary system...