168 matches found
CVE-2025-4375 Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA
Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present in the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affec...
Sparx Systems Pro Cloud Server security vulnerability
Sparx Systems Pro Cloud Server is an enterprise-class model collaboration platform from Sparx Systems Australia that supports cloud sharing and version control of EA Enterprise Architect models. A security vulnerability exists in Sparx Systems Pro Cloud Server versions prior to 6.0.165, which ste...
PT-2025-20473 · Sparx Systems · Sparx Systems Pro Cloud Server
Name of the Vulnerable Software and Affected Versions: Sparx Systems Pro Cloud Server versions earlier than 6.0.165 Description: A Cross-Site Request Forgery (CSRF) issue is present in the whole application, allowing for Session Hijacking. This issue can be used to change the Pro Cloud Server...
PT-2025-20474 · Sparx Systems · Sparx Systems Pro Cloud Server
Name of the Vulnerable Software and Affected Versions: Sparx Systems Pro Cloud Server versions earlier than 6.0.165 Description: The issue is related to an Improper Input Validation vulnerability in the WebEA model search field of Sparx Systems Pro Cloud Server, which allows Cross-Site Scripting...
PT-2025-20475 · Sparx Systems · Sparx Systems Pro Cloud Server
Name of the Vulnerable Software and Affected Versions: Sparx Systems Pro Cloud Server versions earlier than 6.0.165 Description: The issue is caused by an Improper Limitation of a Pathname, leading to a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present ...
CVE-2025-28169
BYD QIN PLUS DM-i Dilink OS v3.013.1.7.2204050.1 to v3.013.1.7.2312290.10 was discovered to send broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack...
Mockoon has a Path Traversal and LFI in the static file serving endpoint
Summary: A mock API configuration for static file serving following the same approach presented in the documentation page, where the server filename is generated via templating features from user input, is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server...
Exposed Cloud Server Tracks 800,000 Volkswagen, Audi, and Skoda EVs
SUMMARY A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds…...
CVE-2024-47577 Information Disclosure vulnerability in SAP Commerce Cloud
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data and it is recorded in server logs. If an attacker impersonating ...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
Multiple Safie products vulnerable to improper server certificate verification
Overview: Multiple Safie products are vulnerable to improper server certificate verification (CWE-295). The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the...
JVN#83440451: Multiple Safie products vulnerable to improper server certificate verification
Multiple Safie products are vulnerable to improper server certificate verification (CWE-295). The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the device-specific...
Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner
By Waqas. A Campbell, New York-based real estate training platform called Real Estate Wealth Network exposed a massive treasure trove of real estate records due to a cloud server misconfiguration. This is a post from HackRead.com. Read the original post: Data Leak Exposes 1.5 Billion Real Estate...
CVE-2023-45148 Rate limiter not working reliably when Memcached is installed in Nextcloud
Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed, the rate limiting in Nextcloud Server could be reset unexpectedly, resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...
WEM: after upgrade, Agent does not register with the cloud infrastructure server
After running the configuration utility on the agent to migrate to the cloud WEM broker server, it loses connectivity. Checking the Citrix WEM Agent Host service debug logs shows the below error: Event - BaseBrokerClient1.GetConnectorAuthContext : Successfully acquired connector authentication...
WordPress WP Cloud Server Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Cloud Server; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 2.0.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 8cdd8c408320; Credits: Rafie Muhammad (Patchstack); Required...