
5182 matches found

CNNVD
added 2024/02/08 12:0 a.m. · 2 views

N-able N-central Security Vulnerabilities

N-able N-central is an RMM platform from N-able, Inc. providing large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central version 2023.6 and prior versions, which stems from a vulnerability th...

9.8 CVSS · 7.1 AI score · 0.00297 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/02/08 12:0 a.m. · 3 views

PT-2024-13410 · N Able · N-Able N-Central

Name of the Vulnerable Software and Affected Versions: N-able N-central versions prior to 2023.6
Description: An issue in N-able N-central allows attackers to gain escalated privileges via API calls.
Recommendations: For versions prior to 2023.6, update to version 2023.6 or later to resolve the...

9.8 CVSS · 7.5 AI score · 0.00297 EPSS
Exploits 0 · References 6

CNNVD
added 2024/02/07 12:0 a.m. · 4 views

Elastic Security Breach

Elastic is an open source distributed RESTful search engine built on Lucene, from the Netherlands company Elastic. The product is primarily used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic that stems from the possibility that a...

6.5 CVSS · 6.7 AI score · 0.00284 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/07 12:0 a.m. · 0 views

Superwebmailer Cross-Site Scripting Vulnerability

Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A cross-site scripting vulnerability exists in Superwebmailer version v9.31.0.01799, which stems from a cross-site scripting vulnerability in the component api.php...

6.1 CVSS · 6.1 AI score · 0.13158 EPSS
Exploits 1 · References 2

CNNVD
added 2024/02/07 12:0 a.m. · 3 views

Open Forms Security Vulnerability

Open Forms is an open source intelligent dynamic forms tool from Open Formulieren, used to quickly create powerful and intelligent forms exposed through the API. A security vulnerability exists in Open Forms versions prior to 2.2.8, 2.3.6, 2.4.4, 2.5.1, which stems from an authentication bypass...

7.7 CVSS · 6.9 AI score · 0.00101 EPSS
Exploits 0 · References 6

BDU FSTEC
added 2024/02/06 12:0 a.m. · 1 views

The vulnerability of the API PUT Request Handler component of the software platform based on Git, which is used for collaborative code development in GitLab, allows a malicious actor to execute arbitrary API PUT requests.

The vulnerability of the API PUT Request Handler component of the software platform based on Git for collaborative code development on GitLab exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker to execute arbitrary API PUT...

8.5 CVSS · 6.5 AI score · 0.10356 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/02/05 11:15 p.m. · 4 views

PYSEC-2024-261

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

9.4 CVSS · 7.1 AI score · 0.00147 EPSS
Exploits 1 · References 2

PyPA
added 2024/02/05 11:15 p.m. · 6 views

PYSEC-2024-261

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

9.4 CVSS · 7.1 AI score · 0.00147 EPSS
Exploits 1 · References 2

OSV
added 2024/02/05 10:16 p.m. · 1 views

CVE-2024-1210

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...

5.3 CVSS · 7.3 AI score · 0.83531 EPSS
Exploits 3 · References 3

OSV
added 2024/02/05 2:15 p.m. · 1 views

CVE-2024-23109

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

9.8 CVSS · 7.5 AI score
Exploits 0 · References 1

CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress Plugin LearnDash LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3 CVSS · 6.6 AI score · 0.83531 EPSS
Exploits 3 · References 4

Fedora
added 2024/02/02 1:15 a.m. · 17 views

[SECURITY] Fedora 39 Update: python-notebook-7.0.7-1.fc39

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

6.5 CVSS · 7.3 AI score · 0.00343 EPSS
Exploits 0

Positive Technologies
added 2024/01/30 12:0 a.m. · 3 views

PT-2024-16192 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8
Description: A problematic issue has been found, affecting the function agent of the file /application/index/controller/Datament.php. The manipulation of the api argument leads to information disclosure. This issue...

7.5 CVSS · 4.8 AI score · 0.00057 EPSS
Exploits 0 · References 7

NVD
added 2024/01/29 4:15 p.m. · 7 views

CVE-2024-23826

spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...

6.8 CVSS · 6.4 AI score · 0.00214 EPSS
Exploits 1 · References 2

Prion
added 2024/01/29 4:15 p.m. · 13 views

Design/Logic Flaw

spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...

3.5 CVSS · 6.8 AI score · 0.00214 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/01/29 3:54 p.m. · 12 views

CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS

spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...

6.8 CVSS · 5.5 AI score · 0.00214 EPSS
Exploits 1 · References 4

RedHat Linux
added 2024/01/25 10:54 a.m. · 36 views

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

5.3 CVSS · 6.7 AI score · 0.00161 EPSS
Exploits 1 · References 2

RedHat Linux
added 2024/01/25 9:1 a.m. · 53 views

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

5.3 CVSS · 6.7 AI score · 0.00161 EPSS
Exploits 1 · References 2

AlmaLinux
added 2024/01/25 12:0 a.m. · 39 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3 CVSS · 6.8 AI score · 0.00161 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2024/01/25 12:0 a.m. · 1 views

The vulnerability of the application programming interface of the Splunk Enterprise platform for operational analysis allows a perpetrator to delete data from the KV Store.

The vulnerability of the application programming interface of the Splunk Enterprise platform for operational analysis is related to deficiencies in access control to the KV Store. Exploiting this vulnerability could allow a malicious actor to delete data from the KV Store...

6.8 CVSS · 6.5 AI score · 0.00069 EPSS
Exploits 0 · References 4 · Affected Software 2