377 matches found
The vulnerability of the Ruijie Reyee OS operating system’s proxy server allows a hacker to execute an SSRF attack.
The vulnerability of the Ruijie Reyee OS operating system’s proxy server is related to insufficient checking of requests on the server side. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the GNU Wget download manager, related to insufficient validation of requests on the server side, allows a perpetrator to execute SSRF attacks, spear-phishing attacks, or “man-in-the-middle” attacks.
The vulnerability of the GNU Wget download manager is related to insufficient validation of requests on the server side. Exploiting this vulnerability can allow a remote attacker to execute an SSRF attack, a man-in-the-middle attack, or another type of attack...
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
GHSA-V7VM-RHMG-8J2R Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...
The vulnerability of the Apache OFBiz resource planning software lies in the insufficient validation of requests on the server side, allowing attackers to execute SSRF attacks.
The vulnerability of Apache OFBiz’s resource planning software lies in insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition lies in insufficient validation of requests on the server side, allowing attackers to execute SSRF attacks.
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to insufficient testing of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using the user-defined URL address...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-20537 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...
CVE-2024-20537 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...
CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-20476
CVE-2024-20476 affects Cisco Identity Services Engine (ISE) in its web-based management interface. The issue stems from lack of server-side validation of Administrator permissions, allowing an authenticated, remote attacker to bypass file-management authorization. An attacker could exploit this b...
Cisco Identity Services Engine 安全漏洞
Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco USA. The platform regulates the network by collecting real-time information from the network, users, and devices, and formulating and enforcing policies accordingly. The Cisco Identit...
CVE-2024-7456
A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Impact There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. Workarounds Server-side file validation is available to strip script tags from file's content during the file upload process...
PT-2024-33275 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.x prior to 13.5.2 Umbraco versions 10.x prior to 10.8.7 Umbraco versions 8.x prior to 8.18.15 Description: There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode...
Cross-site Scripting (XSS)
gradio is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...
PYSEC-2024-220
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
PYSEC-2024-220
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
CVE-2024-47872
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...