Larvata Flygo 安全漏洞

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker authenticated as a regular user to manipulate user data by specifying the employee's ID in an API parameter and...

RPCMS 跨站脚本漏洞

RPCMS is a software application, a web CMS system. RPCMS suffers from a cross-site scripting vulnerability that stems from a failure to properly clean up the nickname variable before it is displayed on a page in RPCMS v1.8 versions and below. With the API functionality turned on, an attacker can...

Dell NetWorker 安全漏洞

DELL EMC NetWorker is a suite of unified backup and recovery software from Dell DELL USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A security vulnerability exists in DELL EMC NetWorker that originates from an improper implementati...

DEBIAN-CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

PT-2021-6527 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.15 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.3 MediaWiki versions 1.36.x before 1.36.1 Description: The issue concerns unintended API access for bots in MediaWiki. When a bot account has a...

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

CVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...

Cisco SD-WAN vManage Software 资源管理错误漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A denial of service vulnerability exists in the API of Cisco SD-WAN vManage, which stems from insufficient handling of API requests and can be exploited by an attacker to cau...

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...

CubeCoders AMP 安全漏洞

AMP is a software application. for tracking all issues and bugs within the CubeCoders AMP platform. A security vulnerability exists in CubeCoders AMP versions prior to 2.1.x series 2.1.1.2 that allows an authenticated remote user to open a port in the local system firewall by writing an HTTPS...

China Mobile An Lianbao WF-1 命令注入漏洞

China Mobile An Lianbao WF-1 router is a router from China Mobile China. A security vulnerability exists in China Mobile An Lianbao WF-1 1.01, which originates from a POST request to api ZRQos to set up an online client via the "ip" parameter...

Unnamed Vulnerability in Juniper Networks Junos OS

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS has a security vulnerability, and no details of the vulnerability are provided at this time...

Juniper Networks Junos OS HTTP Response Splitting Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS has a security vulnerability, and no details of the vulnerability are provided at this time...

Juniper Networks Junos OS 权限许可和访问控制问题漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS is vulnerable to privilege permission and access control issues, for which no information is currently available...

Juniper Networks Junos OS 信任管理问题漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Junos OS. No information about this vulnerability is available at this...

PT-2021-15763

Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3 Thrive Comments WordPress plugin versions prior to 1.4.15.3 Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3 Thrive Leads WordPress plugin versions prior to 2.3.9...

MediaWiki 权限许可和访问控制问题漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...

Dolby DAX2 API Service 代码问题漏洞

The Dolby DAX2 API Service is an audio service component from Dolby Laboratories USA. A code issue vulnerability exists in Dolby Audio X2 DAX2 API service versions prior to 0.8.8.90 that allows local users to gain privileges...

UBUNTU-CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API...

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4 GitHub Enterprise Server versions prior to 2.22.10 GitHub Enterprise Server versions prior to 2.21.18 Description: An improper access control issue was identified that allowed access tokens...