496 matches found
CVE-2024-41716
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate...
CVE-2024-41964 Insufficient permission checks in the language settings in Kirby CMS
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's...
GO-2024-3058 Gorush uses deprecated TLS versions in github.com/appleboy/gorush
An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version...
CVE-2023-24062
Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents...
CVE-2021-3805
A flaw was found in the object-path nodejs library when the del function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of...
CVE-2024-6422
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...
CVE-2024-23737
Cross Site Request Forgery CSRF vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email...
CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...
CVE-2024-5731
CVE-2024-5731 affects Trellix IPS Manager, Central Manager, and Local Manager communications. The vulnerability arises from the request flow where an attacker can manipulate a parameter to change the destination of a request, exposing sensitive information. Current documents provide high-level im...
CVE-2024-34683
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser...
[SECURITY] Fedora 39 Update: rust-jql-7.1.2-3.fc39
Jql - JSON Query Language - is a fast and simple command-line tool to manipulate JSON data...
[SECURITY] Fedora 40 Update: rust-jql-7.1.2-3.fc40
Jql - JSON Query Language - is a fast and simple command-line tool to manipulate JSON data...
Cookie Leakage
amphp/artax is vulnerable to Cookie Leakage. The vulnerability is due to cookies being leaked to unauthorized domains, which allows an attacker to manipulate cookies in such a way where cookies of foo.bar.example.com were leaked to foo.bar...
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking PoC Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...
CVE-2023-38002 IBM Storage Scale session fixation
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208...
NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly. Default Cmd: Windows Event Logs...
Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
CVE-2024-23735
CVE-2024-23735 describes a Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload feature on the Savignano S/Notify User Profile pages for Confluence. Affected: Savignano S/Notify versions prior to 4.0.0 (Confluence integration). Nature: XSS via specially crafted certificates i...
Prototype Pollution
web3-utils is vulnerable to Prototype Pollution. The vulnerability is due to insecure recursive merge via the utility functions format and mergeDeep, allowing an attacker to manipulate an object's prototype by passing specially crafted input to these functions...
Cache Poisoning
Translate is vulnerable to Cache Poisoning. This vulnerability is due to a lack of proper access controls within the translate function index.js, which allows attackers to manipulate cache keys and subsequently choose responses for subsequent users of the system...