
81 matches found

Snyk
added 2026/03/17 7:46 p.m. · 0 views

Missing Authentication for Critical Function

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the checkConfiguration.php process. An attacker can gain full administrative control and manipulate the application...

CVSS 9.2 · AI score 6 · EPSS 0.00085
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 12:34 p.m. · 1 views

CVE-2023-31459

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password...

CVSS 8.8 · AI score 7.4 · EPSS 0.00121
Exploits: 0 · References: 1
Patchstack
added 2025/12/13 1:13 a.m. · 5 views

WordPress Popover Windows plugin <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Popover Windows versions <= 1.2...

CVSS 4.3 · AI score 6.8 · EPSS 0.00013
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/12/11 11:14 p.m. · 2 views

WordPress Simple Theme Changer plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions <= 1.0...

CVSS 4.3 · AI score 6.8 · EPSS 0.00013
Exploits: 0 · References: 1 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2004-1029

Malware in sbrugna...

CVSS 7.2 · AI score 6.1 · EPSS 0.00047
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-0200

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 6.1 · EPSS 0.00075
Exploits: 0 · References: 15
CNNVD
added 2025/06/11 12:0 a.m. · 1 views

Siemens SINAMICS PERFECT HARMONY GH180 Access Control Error Vulnerability

The Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter from Siemens Germany. An access control error vulnerability exists in the Siemens SINAMICS PERFECT HARMONY GH180 versions prior to V8.0 through V8.3.3, which stems from improper access control of the maintenance connection a...

CVSS 6.1 · AI score 6.8 · EPSS 0.00118
Exploits: 0 · References: 3
Tenable Nessus
added 2025/05/27 12:0 a.m. · 16 views

ABB M2M Gateway Arbitrary Configuration Injection in embedded Git (CVE-2023-29007)

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in...

CVSS 7.8 · AI score 7.4 · EPSS 0.00618
Exploits: 2 · References: 11
RedhatCVE
added 2025/05/23 4:5 a.m. · 4 views

CVE-2023-37833

Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users...

CVSS 2.7 · AI score 6.9 · EPSS 0.00051
Exploits: 1
SUSE CVE
added 2025/03/29 3:4 a.m. · 6 views

SUSE CVE-2025-1098

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

CVSS 8.8 · AI score 7.6 · EPSS 0.34184
Exploits: 7 · References: 5
CNNVD
added 2025/03/24 12:0 a.m. · 4 views

Kubernetes ingress-nginx Input Validation Error Vulnerability

Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the fact that the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary...

CVSS 8.8 · AI score 8.1 · EPSS 0.34184
Exploits: 7 · References: 2
Positive Technologies
added 2025/03/23 12:0 a.m. · 4 views

PT-2025-12714 · Unknown +1 · Ingress-Nginx +1

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5; ingress-nginx versions from v1.12.0-beta.0 through v1.12.1. Description: A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject...

CVSS 9.8 · AI score 8 · EPSS 0.9113
Exploits: 23 · References: 123
IBM Security Bulletins
added 2025/03/10 3:34 p.m. · 5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1

Summary: Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details: CVEID: CVE-2023-5752. DESCRIPTION: When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial...

CVSS 5.5 · AI score 5.6 · EPSS 0.00075
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/02/05 3:41 a.m. · 4 views

CVE-2024-45334

Trend Micro Antivirus One versions 3.10.4 and below Consumer is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...

CVSS 7.8 · AI score 6.9 · EPSS 0.00123
Exploits: 0
CNNVD
added 2025/01/27 12:0 a.m. · 1 views

Apache Solr Security Vulnerability

Apache Solr is a search server based on Lucene, a full-text search engine from the Apache Foundation (USA). The product supports dimensional search, vertical search, and highlighting of search results. A security vulnerability exists in Apache Solr version 9.7 and earlier versions, which stems from ...

CVSS 5.5 · AI score 5.8 · EPSS 0.00777
Exploits: 0 · References: 3
Tenable Nessus
added 2025/01/17 12:0 a.m. · 19 views

GLSA-202501-03 : pip: arbitrary configuration injection

The remote host is affected by the vulnerability described in GLSA-202501-03 (pip: arbitrary configuration injection). Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

CVSS 5.5 · AI score 6.9 · EPSS 0.00075
Exploits: 0 · References: 3
OSV
added 2024/10/22 7:15 p.m. · 0 views

CVE-2024-45334

Trend Micro Antivirus One versions 3.10.4 and below Consumer is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...

CVSS 7.8 · AI score 5.8 · EPSS 0.00123
Exploits: 0 · References: 1
NVD
added 2024/10/22 7:15 p.m. · 15 views

CVE-2024-45334

Trend Micro Antivirus One versions 3.10.4 and below Consumer is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...

CVSS 7.8 · EPSS 0.00123
Exploits: 0 · References: 1
Cvelist
added 2024/10/22 6:27 p.m. · 17 views

CVE-2024-45334

Trend Micro Antivirus One versions 3.10.4 and below Consumer is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...

CVSS 7.8 · EPSS 0.00123
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/22 6:27 p.m. · 23 views

CVE-2024-45334

Trend Micro Antivirus One versions 3.10.4 and below Consumer is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions...

CVSS 7.8 · AI score 6.9 · EPSS 0.00123
Exploits: 0 · References: 1