CVE-2024-51556
The CVE-2024-51556 entry concerns Wave 2.0 with an issue where sensitive data is insufficiently encrypted in API responses. The vulnerability enables an authenticated remote attacker to manipulate API input parameters via the request URL/payload, potentially leading to unauthorized access to othe...
CVE-2024-47657 Improper Access Control Vulnerability
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive...
CVE-2024-1183 SSRF Vulnerability in gradio-app/gradio
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...
GHSA-5946-8P38-VFFP Apache Airflow Improper Input Validation vulnerability
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVE-2020-19778
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "userid" in the HTML request...
CVE-2014-1223 - Cross-site Scripting in Telligent Evolution
Vulnerability title: Cross-site Scripting in Telligent Evolution
CVE: CVE-2014-1223
Vendor: Telligent
Product: Evolution
Affected version: 7.5.0.32466
Fixed version: 7.6.7.36651
Reported by: Jerzy Kramarz
Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...