5 matches found
GHSA-GMMV-4CC5-WR9R SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
Summary: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs: POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/storage/updateRecentDocCloseTime, POST...
LibreNMS contains an authenticated SQL Injection vulnerability
LibreNMS 1.46 contains an authenticated SQL Injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL Injection techniques to retrieve...
PT-2023-30763 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 23.11.0
Description: The issue allows a low-privilege user to enumerate devices on LibreNMS with their id or hostname by accessing a request sent to graph.php when they access their device dashboard. This enables th...
kernel: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() The 'parent' returned by fwnode_graph_get_port_parent() with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the paren...
PT-2010-4094 · Cacti · Cacti
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.7g
Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to an incorrect fix for a previous issue. The graph start parameter to the...