
6678 matches found

Zero Day Initiative
added 2023/02/09 12:0 a.m. · 31 views

VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getConfig function. The issue results from the lack of authentication prio...

7.5 CVSS · 1.7 AI score · 0.82409 EPSS
Exploits 4 · References 1

The Coalfire Blog
added 2023/02/08 9:47 p.m. · 8 views

Meeting and scaling compliance with IaC design

Gone are the days when cloud, application, and infrastructure engineers need to shoulder the burden of compliance and audits. With "smart" compliance-aware Infrastructure as Code (IaC) module design, engineers can focus on the functionality, performance, and scalability of their applications withou...

2.3 AI score
Exploits 0

NVD
added 2023/02/08 7:15 p.m. · 10 views

CVE-2023-25396

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files...

7.8 CVSS · 7.8 AI score · 0.00167 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/02/08 12:0 a.m. · 7 views

CVE-2023-25396

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files...

7.8 CVSS · 7.4 AI score · 0.00167 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2023/02/08 12:0 a.m. · 36 views

EulerOS 2.0 SP8 : rpm (EulerOS-SA-2023-1335)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a 'binding signature.' RPM does not check t...

4.7 CVSS · 6.4 AI score · 0.00019 EPSS
Exploits 0 · References 2

CVE
added 2023/02/07 9:41 p.m. · 50 views

CVE-2022-47414

OpenKM CVE-2022-47414: a stored XSS in the Note functionality is possible when an attacker with authenticated console access submits crafted content. CVSS 3.1: base score 5.4 (Medium); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Impacts are confined to confidentiality and integrity (Low); avail...

5.4 CVSS · 5.2 AI score · 0.00272 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/02/07 9:41 p.m. · 14 views

CVE-2022-47414

If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...

5.4 AI score · 0.00272 EPSS
Exploits 1 · References 1

Code423n4
added 2023/02/07 12:0 a.m. · 8 views

MultiRewardEscrow.claimRewards() can break for rebasing tokens

Lines of code Vulnerability details Rebasing tokens make balanceOf modifications arbitrarily e.g: Aave share tokens. If such token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow. Impact Medium Proo...

6.7 AI score
Exploits 0

NVD
added 2023/02/03 8:15 p.m. · 36 views

CVE-2023-23937

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

8.2 CVSS · 8.1 AI score · 0.00012 EPSS
Exploits 0 · References 2

OSV
added 2023/02/03 7:31 p.m. · 30 views

CVE-2023-23937 Missing file upload type validation in pimcore/pimcore

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

8.2 CVSS · 6.1 AI score · 0.00012 EPSS
Exploits 0 · References 4

Code423n4
added 2023/02/01 12:0 a.m. · 8 views

Mint function should have a pause

Lines of code Vulnerability details Impact Even if a market is paused due to insolvency/bugs, there will still be minting going on. This leaves no protection against mining in such case. Tools Used VS code Recommended Mitigation Steps Check in function mint that the market is not paused. For...

6.8 AI score
Exploits 0

RedHat Linux
added 2023/01/31 1:15 p.m. · 2 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

7.5 CVSS · 7.2 AI score · 0.00803 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/01/31 12:0 a.m. · 2 views

PT-2023-34761 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue concerns the initialization of rx-link and rx-link sta in the mac80211 component of the wifi functionality. The actual impact and potential for attack have not been proven yet...

7.2 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/31 12:0 a.m. · 3 views

PT-2025-13318 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the Linux kernel related to the cgroup/cpuset functionality. The issue arises from an incorrect check in the update parent subparts cpumask function, which...

7.8 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits 0 · References 18

Positive Technologies
added 2023/01/31 12:0 a.m. · 1 views

PT-2023-34811 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90 Description: The issue is related to the dmaengine: idxd, where the probe fails when the workqueue cannot be enabled. The actual impact and attack plausibility have not yet been proven. Recommendations:...

7.2 AI score
Exploits 0 · References 1

Cent OS
added 2023/01/30 4:41 p.m. · 78 views

xorg security update

CentOS Errata and Security Advisory CESA-2023:0046 An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

8.8 CVSS · 7.2 AI score · 0.01237 EPSS
Exploits 0 · References 7

Huntr
added 2023/01/30 9:22 a.m. · 24 views

CSRF in all endpoints of /lib/ajax.php by Changing the request method to GET

Description I have found a CSRF in all the request in /lib/ajax.php by changing the request to GET and the page is also get errors. So user cannot use any function on the page Proof of Concept 1. Go to https://demo.froxlor.org/ and login as any user. ie. admin 2. Now open...

6.8 CVSS · 8.4 AI score · 0.00206 EPSS
Exploits 1

Positive Technologies
added 2023/01/30 12:0 a.m. · 6 views

PT-2023-13604 · Unknown · Freshtomato

Name of the Vulnerable Software and Affected Versions: FreshTomato version 2022.5 Description: A directory traversal issue exists in the httpd update.cgi functionality. This allows an attacker to send a specially crafted HTTP request, potentially leading to arbitrary file read. Recommendations: F...

7.5 CVSS · 6.8 AI score · 0.04164 EPSS
Exploits 1 · References 4

NVD
added 2023/01/27 4:15 a.m. · 8 views

CVE-2023-24060

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...

5 CVSS · 5.3 AI score · 0.00148 EPSS
Exploits 1 · References 2

Prion
added 2023/01/27 4:15 a.m. · 10 views

Server side request forgery (ssrf)

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feedurl= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname or even the hostname of the Haven server itself. NOTE: this product has significant usage but...

4 CVSS · 5.3 AI score · 0.00148 EPSS
Exploits 1 · References 2 · Affected Software 1