22 matches found
SourceCodester: Patients Waiting Area Queue Management System – Code Injection Vulnerability
The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...
EUVD-2014-0129
Malware in sbrugna...
EUVD-2018-7527
Malware in sbrugna...
EUVD-2022-51021
Malicious code in bioql PyPI...
CVE-2022-48321
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
CVE-2024-45789
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request body on the...
Malicious code in Be.Vlaandеren.Basіsregisters.PаrcelRegistrу.Api.CrabImport (NuGet)
UBUNTU-CVE-2024-37021
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...
CVE-2023-39345 Unauthorized Access to Private Fields in User Registration API in strapi
strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users...
CVE-2022-48321
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
Server-side request forgery (SSRF)
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
PT-2023-15699 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.1.0p11. Description: The issue allows an attacker to perform a limited Server-Side Request Forgery (SSRF) in the agent-receiver component, enabling communication with local network restricted endpoints through th...
SUSE CVE-2014-0028
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:searchdomains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the...
CVE-2022-35945 Cross site scripting (XSS) via registration API in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Information associated with the registration key is not properly escaped in registration key configuration...
Unspecified vulnerability in Red Hat keycloak (CNVD-2021-19381)
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak has a security vulnerability that originates from the exploitation of the Client Registration API, which can be exploited by a...
Red Hat Keycloak authorization issue vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak has a security vulnerability that originates from the exploitation of the Client Registration API, which can be exploited by a...
CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
Design/Logic Flaw
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...
CVE-2018-15656
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...
CVE-2018-15656
CVE-2018-15656 affects 42Gears SureMDM prior to 2018-11-27, where an attacker can issue a GET request to /api/register/:email with a base64-encoded email and an ApiKey header to determine whether a user account exists. The underlying issue is information disclosure through the registration endpoi...