1388 matches found

CNNVD
added 2023/11/13 12:0 a.m. · 2 views

Click Studios Passwordstate Security Breach

Click Studios Passwordstate is password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...

CVSS 4.7 · AI score 6.7 · EPSS 0.00087
Exploits 0 · References 2
OSV
added 2023/11/03 5:15 a.m. · 0 views

UBUNTU-CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

CVSS 7.5 · AI score 7.1 · EPSS 0.00161
Exploits 0 · References 6
CNNVD
added 2023/10/25 12:0 a.m. · 1 views

Lenovo XClarity Controller SQL Injection Vulnerability

Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. Lenovo XClarity Controller suffers from a SQL injection vulnerability that originates from an authenticated XCC user with elevated...

CVSS 7.2 · AI score 8 · EPSS 0.00095
Exploits 0 · References 2
CNNVD
added 2023/10/23 12:0 a.m. · 3 views

Apache Airflow Information Disclosure Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 have an information leakage vulnerability, the...

CVSS 4.3 · AI score 6.3 · EPSS 0.00482
Exploits 0 · References 4
OSV
added 2023/10/16 8:15 p.m. · 0 views

CVE-2023-43118

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5, allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API...

CVSS 8.8 · AI score 6
Exploits 0 · References 1
CNNVD
added 2023/10/13 12:0 a.m. · 2 views

Fortinet FortiEDR Code Issue Vulnerability

Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet. Fortinet FortiEDR suffers from an Access Control Error vulnerability that stems from insufficient handling of session expiration times, which can be exploited by an attacker to execute unauthorized code or...

CVSS 8.1 · AI score 7.4 · EPSS 0.00107
Exploits 0 · References 2
Positive Technologies
added 2023/10/11 12:0 a.m. · 1 views

PT-2023-29102 · Unknown · Fwk-Display

Name of the Vulnerable Software and Affected Versions: Fwk-Display module (affected versions not specified). Description: The issue concerns an API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally...

CVSS 9.8 · AI score 6.8 · EPSS 0.00084
Exploits 0 · References 6
OSV
added 2023/10/10 5:15 p.m. · 1 views

CVE-2023-34992

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 9.8 · AI score 5.9 · EPSS 0.75879
Exploits 1 · References 1
Positive Technologies
added 2023/10/10 12:0 a.m. · 5 views

PT-2023-6001 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: FortiSIEM versions 6.4.0 through 6.4.2; FortiSIEM versions 6.5.0 through 6.5.1; FortiSIEM versions 6.6.0 through 6.6.3; FortiSIEM versions 6.7.0 through 6.7.5; FortiSIEM version 7.0.0. Description: The issue is related to an improper neutralizatio...

CVSS 9.8 · AI score 9.8 · EPSS 0.75879
Exploits 1 · References 25
OSV
added 2023/10/04 5:15 p.m. · 0 views

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
OSV
added 2023/09/27 6:15 p.m. · 1 views

CVE-2023-20223

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

CVSS 8.2 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2023/09/27 12:0 a.m. · 4 views

Jumpserver Information Disclosure Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from an information disclosure vulnerability caused by exposing random number seeds to the API, which could allow replay of randomly generated CAPTCHAs, leading to password...

CVSS 8.2 · AI score 6.3 · EPSS 0.62787
Exploits 4 · References 3
CNNVD
added 2023/09/27 12:0 a.m. · 2 views

Cisco DNA Center Security Vulnerability

Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...

CVSS 8.6 · AI score 7 · EPSS 0.00169
Exploits 0 · References 2
Microsoft CVE
added 2023/09/14 7:0 a.m. · 3 views

Undefined Behavior for Input to API in Mutt

...

CVSS 5.7 · AI score 5.4 · EPSS 0.00029
Exploits 0
CNNVD
added 2023/09/07 12:0 a.m. · 3 views

ASUS RT-AX56U Formatting String Error Vulnerability

The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a Format String Error vulnerability that stems from a format string vulnerability found in the iperf client function API...

CVSS 7.2 · AI score 6.8 · EPSS 0.01128
Exploits 0 · References 2
CNNVD
added 2023/09/07 12:0 a.m. · 2 views

Fortinet FortiSwitchManager Security Vulnerability

Fortinet FortiSwitchManager is a network switch management tool from Fortinet designed to help organizations manage their FortiSwitch family of network switches. An improper access control vulnerability exists in Fortinet FortiSwitchManager. The vulnerability is caused by a flawed authentication...

CVSS 7.1 · AI score 6.8 · EPSS 0.00128
Exploits 0 · References 2
CNNVD
added 2023/09/06 12:0 a.m. · 1 views

WireMock security vulnerability

WireMock is a popular open source tool for API simulation testing from WireMock Open Source. WireMock has a security vulnerability that stems from vulnerability to DNS rebinding attacks...

CVSS 6.6 · AI score 6.8 · EPSS 0.00493
Exploits 0 · References 3
Positive Technologies
added 2023/09/01 12:0 a.m. · 1 views

PT-2023-17071 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.1.4; GitLab versions 16.2 through 16.2.4; GitLab versions 16.3 through 16.3.0. Description: An issue has been discovered in GitLab where a namespace-level banned user can access the API. Recommendations: For GitLa...

CVSS 4.3 · AI score 6.6 · EPSS 0.00085
Exploits 0 · References 11
CNNVD
added 2023/09/01 12:0 a.m. · 1 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that user...

CVSS 4.3 · AI score 7 · EPSS 0.00085
Exploits 0 · References 4
OSV
added 2023/08/22 7:16 p.m. · 0 views

CVE-2023-24515

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other schemes such as file, which could allow a malicious user to...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 2