
1388 matches found

CNNVD
added 2022/11/23 12:00 a.m. · 1 view

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost Playbooks suffers from a security vulnerability that stems from a denial-of-service vulnerability that allows an authenticated user to crash the server with multiple large requests to the...

CVSS 6.5 · AI score 6.5 · EPSS 0.0053
Exploits: 0 · References: 3

CNNVD
added 2022/11/23 12:00 a.m. · 3 views

FileCloud security vulnerability

FileCloud is an ultra-secure content collaboration platform from US-based FileCloud, Inc. offering industry-leading compliance, data governance, data leakage protection, data retention and digital rights management capabilities. A security vulnerability exists in FileCloud version 20.2 and later...

CVSS 7.2 · AI score 7.4 · EPSS 0.09547
Exploits: 1 · References: 3

Positive Technologies
added 2022/11/17 12:00 a.m. · 3 views

PT-2022-26769 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr Open Source ERP & CRM for Business versions prior to 14.0.1 Description: The issue allows attackers to escalate privileges via a crafted API. Recommendations: For versions prior to 14.0.1, update to version 14.0.1 or later to resolve...

CVSS 9.8 · AI score 7.4 · EPSS 0.00337
Exploits: 1 · References: 11

CNNVD
added 2022/11/10 12:00 a.m. · 2 views

Plesk Obsidian cross-site request forgery vulnerability

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian. An attacker exploited the vulnerability to change the administrator password via the /api/v2/cli/commands REST API...

CVSS 6.5 · AI score 6.6 · EPSS 0.0061
Exploits: 1 · References: 3

Vulnrichment
added 2022/11/02 12:00 a.m. · 0 views

CVE-2022-38380

An improper access control (CWE-284) vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

CVSS 4.3 · AI score 5.5 · EPSS 0.00199
Exploits: 0 · References: 1

OSV
added 2022/11/01 2:15 a.m. · 1 view

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 9.8 · AI score 5.8 · EPSS 0.00392
Exploits: 0 · References: 1

CNNVD
added 2022/10/31 12:00 a.m. · 2 views

WordPress plugin LearnPress code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 · AI score 7.9 · EPSS 0.16461
Exploits: 2 · References: 2

Positive Technologies
added 2022/10/27 12:00 a.m. · 2 views

PT-2022-6925 · Cisco · Cisco ISE

Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this...

CVSS 6.3 · AI score 5 · EPSS 0.00077
Exploits: 0 · References: 8

OSV
added 2022/10/18 10:15 a.m. · 2 views

CVE-2022-3338

An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2022/10/17 4:15 p.m. · 1 view

CVE-2022-23770

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...

CVSS 9.8 · AI score 5.9
Exploits: 0 · References: 1

CNNVD
added 2022/10/17 12:00 a.m. · 1 view

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 12.8 through 15.2.5,...

CVSS 4.3 · AI score 6 · EPSS 0.00122
Exploits: 0 · References: 3

OSV
added 2022/10/13 5:15 a.m. · 1 view

CVE-2022-2828

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2022/10/07 12:00 a.m. · 1 view

Apache Airflow code issue vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...

CVSS 8.1 · AI score 6.9 · EPSS 0.00339
Exploits: 0 · References: 3

Japan Vulnerability Notes
added 2022/09/30 5:48 a.m. · 1 view

BookStack vulnerable to cross-site scripting

Overview: BookStack contains a cross-site scripting vulnerability (CWE-79). Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...

CVSS 5.4 · AI score 6 · EPSS 0.00373
Exploits: 0 · References: 6

CNNVD
added 2022/09/29 12:00 a.m. · 3 views

Discourse security vulnerability

Discourse is an open source community discussion platform. An access control error vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10. The vulnerability stems from improper access control of the API, which could be exploited to create new topics and edit existi...

CVSS 7.2 · AI score 6.8 · EPSS 0.00355
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/29 12:00 a.m. · 1 view

PT-2022-23155 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.9; Discourse versions prior to 2.9.0.beta10. Description: The issue allows a moderator to create new and edit existing themes using the API when they should not have this capability. Recommendations: For versions...

CVSS 7.2 · AI score 4.4 · EPSS 0.00355
Exploits: 0 · References: 8

Positive Technologies
added 2022/09/28 12:00 a.m. · 2 views

PT-2022-6176 · Cisco · Cisco IOS XE

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue exists due to insufficient input validation in the web UI feature of Cisco IOS XE Software, allowing an authenticated, remote attacker to perform an injection attack...

CVSS 7.2 · AI score 7.2 · EPSS 0.00197
Exploits: 0 · References: 4

CNNVD
added 2022/09/27 12:00 a.m. · 1 view

Zammad security vulnerability

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version 5.2.1. The vulnerability stems from faulty access control in the program, where Zammad's asset handling mechanism has logic that ensures that client users...

CVSS 6.5 · AI score 6.6 · EPSS 0.00214
Exploits: 0 · References: 2

CNNVD
added 2022/09/17 12:00 a.m. · 2 views

GitHub Advanced Security to CSV security vulnerability

GitHub Advanced Security to CSV is a library by Natalie Somersall, an individual developer in the US. It is a simple GitHub operation for grabbing the GitHub Advanced Security API and pushing it to CSV. A security vulnerability exists in versions prior to GitHub Advanced Security to CSV V1 that...

CVSS 9.8 · AI score 8.2 · EPSS 0.00423
Exploits: 0 · References: 3

RedHat Linux
added 2022/09/14 1:47 p.m. · 5 views

mysql: C API unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

CVSS 6.5 · AI score 7.3 · EPSS 0.00479
Exploits: 0 · References: 4