EUVD-2024-26225

Malicious code in bioql PyPI...

EUVD-2024-20707

Malicious code in bioql PyPI...

EUVD-2024-20706

Malicious code in bioql PyPI...

EUVD-2024-20709

Malicious code in bioql PyPI...

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer...

CVE-2020-8148

UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...

Cross-Site Request Forgery (CSRF)

Avenwu Whistle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of API requests, allowing attackers to perform malicious API calls that result in arbitrary code execution on the victim's machine...

CVE-2024-55500

Cross-Site Request Forgery CSRF in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine...

CVE-2024-25582

The CVE-2024-25582 issue affects Open-Xchange App Suite via the module savepoint mechanism. The root cause is that savepoints could be abused to inject references to malicious code delivered through the same domain, enabling attackers to perform malicious API requests or extract information from ...

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station Version 1.1.18 and earlier UniFi Connect EV Station Pro Version 1.1.18 and earlier UniFi Conne...

Open-Xchange App Suite 安全漏洞

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite version 8.21 and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability that could allow an attacker to...

Rancher Privilege escalation vulnerability via malicious "Connection" header

A vulnerability was discovered in Rancher 2.0.0 through the aforementioned patched versions, where a malicious Rancher user could craft an API request directed at the proxy for the Kubernetes API of a managed cluster to gain access to information they do not have access to. This is done by passin...

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts...

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection OADP 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

A server-side request forgery SSRF flaw in an API of a large financial technology fintech platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security’s...

Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of the web-based user interface web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST A...