CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...

Ivanti Endpoint Manager Mobile 安全漏洞

Ivanti Endpoint Manager Mobile EPMM is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. An authentication bypass...

Astra Linux – Vulnerability in docker.io-app

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...

CVE-2024-20531

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery SSRF attack through an affected device. To exploit this vulnerability, the attacker woul...

CVE-2024-20531

Cisco Identity Services Engine (ISE) API is affected by an XXE-based vulnerability in XML input handling, allowing an authenticated remote attacker with Super Admin credentials to read arbitrary OS files and perform SSRF. Root cause: improper XML External Entity processing in the API. Exploitatio...

CVE-2022-4003

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...

CVE-2022-4003

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...

AZL-47042 CVE-2024-41110 affecting package moby-engine for versions less than 24.0.9-7

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

Server-side Request Forgery (SSRF)

openapi-generator is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to the improper validation in the /api/gen/clients/language path, allowing an attacker to access network resources and sensitive information via a crafted API request...

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVE-2023-27163

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

The vulnerability of the password change interface of the Cisco Connected Mobile Experiences (CMX) software allows a hacker to bypass security mechanisms.

The vulnerability of the Cisco Connected Mobile Experiences CMX password change interface is related to deficiencies in the management of registration data. Exploiting this vulnerability could allow a malicious actor to bypass security measures through a specially created API request...