10 matches found
EUVD-2018-7273
Malware in sbrugna...
CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...
CVE-2023-6554
CVE-2023-6554 affects Tecnick TCExam (admin folder). The root cause is insufficient external authorization protection in the admin directory, allowing any user to download protected information such as exam answers when access is not gated by mechanisms like Apache Basic Auth. Impact is confident...
How to Improve Your API Security Posture
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even ta...
RHEL 8 : Red Hat OpenShift Service Mesh 1.1.17.1 (RHSA-2021:3273)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3273 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
RHEL 8 : Red Hat OpenShift Service Mesh 1.1.14 (RHSA-2021:1540)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1540 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.4 (RHSA-2021:1538)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1538 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
Authentication flaw
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...
mail/sympa* -- Multiple vulnerabilities in Sympa archive management
David Verdin reports: Multiple vulnerabilities have been discovered in Sympa archive management that allow skipping the scenario-based authorization mechanisms. This vulnerability allows the attacker to: display the archives management page 'arcmanage'; download the list's archives; delete the list'...
Web Crawler : Web Application Crawler - New Release
Web Crawler is an open source application based on the WebEngine library. WebEngine is a set of tools for performing black-box web-site testing and other similar tasks. It provides tools for receiving documents from a web server, parsing HTML pages, comparing them, search...