447 matches found
CVE-2024-20529
Cisco Identity Services Engine (ISE) API vulnerability could allow an authenticated remote attacker with Super Admin credentials to read or delete arbitrary files due to insufficient validation of user-supplied API parameters. PT-2024-18676 notes affected software prior to 3.3.0 and recommends up...
CVE-2024-20527 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...
PT-2024-8314 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. The attacker would need valid Super Admin...
PT-2024-18675 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. This...
PT-2024-18679 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a...
PT-2024-18676 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE versions prior to 3.3.0 Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. This is due to insufficient validation of...
PT-2024-18674 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. This issue is due to insufficient validatio...
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose...
CVE-2024-6632
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
PT-2024-37761 · Unknown · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions 5.1.6 and earlier Description: A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack, which can lead to a loss of...
Privilege Escalation
langflow is vulnerable to Privilege Escalation. The vulnerability is due to improper validation in the '/api/v1/users' endpoint, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request...
CVE-2024-7297
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
CVE-2024-7297 Langflow Privilege Escalation
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
PT-2024-38245 · Langflow · Langflow
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.0.13 Description: The issue allows a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the "/api/v1/users" endpoint. Recommendations: For Langflow version...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...