The vulnerability in the Scheduled Backups function of the Nagios XI monitoring tool allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Scheduled Backups function of the Nagios XI monitoring tool is related to synchronization errors when using a shared resource during port scanning. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...
Business Logic Errors
microweber is vulnerable to Business Logic Errors. The vulnerability exists due to a lack of coupon code validation, which allows attackers to change coupon codes and lower prices...
PT-2023-7885
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 9.6. Description: The issue is related to errors in key management in the ssh-agent tool of OpenSSH. It allows an attacker to disclose protected information by exploiting certain destination constraints that are not ful...
Business Logic Errors in microweber/microweber
A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a...
GHSA-QJFX-FVX7-3WVW Business Logic Errors in microweber/microweber
A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a...
CVE-2023-6832
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0...
Code injection
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0...
CVE-2023-6832 Business Logic Errors in microweber/microweber
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0...
CVE-2023-6832
CVE-2023-6832 affects microweber/microweber prior to 2.0. A business logic flaw enables bypass of coupon code validation, allowing attackers to obtain items at reduced prices when the coupon feature is disabled. Public sources (GHSA and Veracode advisories) describe the coupon-validation bypass a...
PT-2023-31626 · Github · Octokit/Webhooks +1
Name of the Vulnerable Software and Affected Versions: octokit/webhooks versions 9.26.0 through 9.26.2; octokit/webhooks versions 10.9.0 through 10.9.1; octokit/webhooks versions 11.1.0 through 11.1.1; octokit/webhooks versions 12.0.0 through 12.0.3. Description: The issue is caused by a problem with...
The vulnerability in the Autoptimize plugin for the WordPress content management system, related to security mechanism errors, allows attackers to gain unauthorized access to information.
The vulnerability in the Autoptimize plugin for the WordPress content management system is related to security mechanism errors. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to information...
The vulnerability in the Adobe InDesign desktop layout tool, related to pointer naming errors, allows attackers to trigger a service failure.
The vulnerability in the Adobe InDesign desktop layout tool is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure by having a user open a specially crafted file...
The vulnerability in the Microsoft Power Platform Connector application programming interface, related to errors in how information is represented by the user interface, allows an attacker to perform a spear-phishing attack.
The vulnerability in the Microsoft Power Platform Connector application programming interface is related to errors in how information is represented by the user interface. Exploiting this vulnerability allows a malicious actor to carry out a spear-phishing attack by sending the user a specially...
The vulnerability in the ASUSTOR Data Master operating system, related to errors in privilege management, allows an attacker to alter the configuration of storage devices.
The vulnerability in the ASUSTOR Data Master operating system is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to modify the configuration of storage devices...
PYSEC-2023-307
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type.size_in_bytes / 32)`. T...
Code injection
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
CVE-2023-49922
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...