PT-2024-5557

Name of the Vulnerable Software and Affected Versions FortiAIOps version 2.0.0 Description The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a...

PT-2024-27446

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned. Description It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that hav...

Malicious code in Chronos.Platform.Linux.API (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basisregisters.PublicServicеRegistry.Aрi.Backoffice (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basisregistеrs.PаrсеlRegistry.Api.Legacy (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderеn.Basisregіsters.RoaԁRegistry.BackOffiсe.Api (NuGet)

--- -= Per source details. Do not edit below this line.=-...

CraftCMS Security Vulnerability

CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker exploited the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...

CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

Bludit Security Breach

Bludit is an open source, lightweight blog content management system CMS. A security vulnerability exists in Bludit that stems from the use of predictable methods combined with the MD5 hash algorithm to generate sensitive tokens that allow an attacker to authenticate against the Bludit API...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs Application Programming Interfaces may send HTTP requests to the multifunction device without...

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internally maintained REST API that could be exploited by a remote...

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...

WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Broken Access Control on API vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Master Addons for Elementor versions = 2.0.5.4.1...

DRUPAL-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...

PT-2024-3967 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.2 Description: The issue is related to insufficient authorization procedures in JetBrains TeamCity, a continuous integration and continuous delivery CI/CD system. This allows a remote attacker to...

Nautobot 安全漏洞

Nautobot is a web automation platform by the individual developers of Nautobot. Nautobot has a security vulnerability that stems from a mismanagement of privileges vulnerability in the Nautobot dynamic-group-members UI and REST API. Affected products and versions: Nautobot versions 1.3.0 through...

Aruba Networks ArubaOS 和 InstantOS 安全漏洞

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...

PT-2024-24114 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these...

Cyber Power Systems PowerPanel Enterprise 安全漏洞

Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy usage trends. A security vulnerability previously existed in Cyber Power Systems PowerPanel Enterprise v2.8.3, which stemmed from an...

Directus 信息泄露漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 10.11.0 that stems from the ability to edit data extracts on the API...