4 matches found
EUVD-2023-60195
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
CVE-2022-1332
One of the APIs in Mattermost version 6.4.1 and earlier fails to properly check permissions, which allows authenticated members with a restricted custom admin role to bypass those restrictions and view the server logs and the contents of the server config.json file...
CVE-2024-47577
CVE-2024-47577 affects SAP Commerce Cloud’s Webservice API endpoints in the Assisted Service Module. The root cause is that a search request for customer data embeds data in the URL, which is logged server-side, enabling an attacker with admin impersonation to view leaked customer data via logs. ...
PT-2024-12319 · IBM · IBM Maximo Application Suite +1
Name of the Vulnerable Software and Affected Versions:
IBM Maximo Application Suite versions 8.10 through 8.11
IBM Maximo Asset Management version 7.6.1.3
Description: The software stores sensitive information in URL parameters, which may lead to information disclosure if unauthorized parties hav...
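The SAP Commerce Cloud and IBM Maximo entries above describe the same weakness class: sensitive values placed in the request URL are copied verbatim into server-side access logs, where anyone who can read logs can harvest them. The following is an added example, not code from SAP, IBM or any other listed vendor. It emulates Combined Log Format access-log lines to show the weak pattern (customer search term in the query string) beside the hardened one (term in the request body), and adds two checks a practitioner would want: a redaction step applied to request targets before they are logged, and a scanner for already-written logs. The endpoint paths, the list of sensitive parameter names and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Parameter names assumed to carry personal data (illustrative list, not SAP's or IBM's).
SENSITIVE_KEYS = {"email", "customerid", "customer_id", "ssn", "phone", "token"}
# Value-based check: catches a customer e-mail hidden under a generic name such as "query".
EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
# Request line inside a Combined Log Format entry: "GET /path?qs HTTP/1.1"
REQUEST_LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?"')


def access_log_line(method, target, status=200, size=512):
    """Emulate a Combined Log Format access-log entry (constructed sample).
    The request target, query string included, is written verbatim; request bodies never are."""
    return (f'10.0.0.5 - - [01/Jan/2024:00:00:00 +0000] '
            f'"{method} {target} HTTP/1.1" {status} {size}')


def search_customer_get(term):
    """Weak pattern: the customer search term travels in the query string,
    so the access log ends up holding the customer's e-mail address."""
    target = "/customers/search?" + urlencode({"query": term, "page": 1})
    return access_log_line("GET", target)


def search_customer_post(term):
    """Hardened pattern: same search, term moved to the request body.
    Returns the log line and the body that would be sent; only the log line is persisted."""
    body = {"query": term, "page": 1}
    return access_log_line("POST", "/customers/search"), body


def is_sensitive(key, value):
    """A parameter is sensitive by name, or by value when the value looks like an e-mail."""
    return key.lower() in SENSITIVE_KEYS or EMAIL_RE.match(value) is not None


def redact_target(target):
    """Rewrite a request target so sensitive query values are replaced before logging."""
    parts = urlsplit(target)
    if not parts.query:
        return target
    cleaned = [(k, "REDACTED" if is_sensitive(k, v) else v)
               for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def find_leaks(log_lines):
    """Scan existing access-log lines; return (line_number, key, value) for each leaked field."""
    leaks = []
    for n, line in enumerate(log_lines, start=1):
        m = REQUEST_LINE_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for k, v in parse_qsl(query, keep_blank_values=True):
            if is_sensitive(k, v):
                leaks.append((n, k, v))
    return leaks


if __name__ == "__main__":
    sample_log = [  # constructed sample lines
        search_customer_get("alice@example.com"),
        search_customer_post("alice@example.com")[0],
        access_log_line("GET", "/orders?customerId=10042&sort=date"),
        access_log_line("GET", "/healthz"),
    ]
    for n, k, v in find_leaks(sample_log):
        print(f"line {n}: {k}={v} leaked into the access log")
    print(redact_target("/customers/search?query=alice%40example.com&page=1"))
```

The value-based check matters for the SAP case: the leaked field there is a search term, so a name-only allow/deny list would miss it. In a real deployment the redaction belongs in the logging middleware (or the reverse proxy's log format), not in application code, so that every handler benefits; moving the data out of the URL remains the primary fix, because proxies, CDNs and browser history see the query string before any server-side redaction runs.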