722 matches found
Server-Side Request Forgery (SSRF)
Label Studio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to faulty SSRF validation which executes a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a...
Unable to create DataSet using IPv4 CIDR format using GUI
When attempting to add a dataset via the GUI (AppExpert Data Sets - Add), users may encounter a failure accompanied by the error message - "Value entered is not an IPv4." Note: This error message specifically occurs when the subnet mask value n is greater than 28 (a.b.c.d/n)...
CVE-2023-6631 Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...
SUBNET PowerSYSTEM Center Code Issue Vulnerability
SUBNET PowerSYSTEM Center is SUBNET's infrastructure for securely and centrally managing the many different intelligent electronic devices (meters, relays, RTUs, etc.) deployed throughout the transmission and distribution system. A security vulnerability exists in SUBNET PowerSYSTEM Center 2020...
GHSA-JQPC-RC7G-VF83 User accounts disclosed to unauthenticated actors on the LAN
Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...
CVE-2023-50715
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...
NetProbe - Network Probe
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features Scan for devices on a specified IP address or subnet...
CVE-2023-45321
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by...
Bosch ctrlX HMI Web Panel WR21 Access Control Error Vulnerability
Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the Bosch ctrlX HMI Web Panel WR21 version that originates from a vulnerability that allows an unprivileged attacker with privileged access to the TPC-110W device subnet to gain root privileges a...
PT-2023-27872 · Google · Android Debug Bridge
Name of the Vulnerable Software and Affected Versions: TPC-110W device affected versions not specified Description: The issue allows an unprivileged user with access to the subnet of the device to gain a root shell on the device itself by exploiting the lack of authentication of the su binary fil...
PT-2023-29847 · Unknown · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue concerns the Android Client application's connection to an MQTT broker for exchanging messages and receiving commands. The protocol used for remote management o...
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
CVE-2023-20198 CVE-2023-20198 Checkscript based on: - Technica...
Dexalot Unveils SimpleSwap and SimpleView Features for Enhanced User Experience
By Owais Sultan. New York, NY, September 19, 2023 - Dexalot, the decentralized exchange (DEX) operating on an Avalanche Subnet, has…
Unable to ping backend server from NetScaler with SNIP as source IP address
SNIP, NSIP and backend server are in the same subnet. Unable to ping backend from NetScaler with SNIP as source IP address, can ping backend with NSIP as source IP address...
Code injection
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...
Clario VPN client security vulnerability
Clario VPN client is a VPN client for Mac from Clario. A security vulnerability exists in Clario VPN client macOS version 5.9.1.1662, which originates when the VPN client insecurely configures the operating system so that traffic to the local network is sent outside of the VPN tunnel in cleartext...
CVE-2023-35802
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit...
CVE-2023-25122
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...