CVE-2024-24955

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

PT-2024-3884 · Automationdirect · P3-550E

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9 Description: The issue is related to out-of-bounds write vulnerabilities in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can lead to heap-based...

CVE-2024-34453

TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...

CVE-2024-34453

TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...

CVE-2024-2564

A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The explo...

PT-2024-21060 · Unknown · Pandaxgo Pandax

Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal, allowing an attacker to access files outside...

CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which stems from...

CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...

SUSE CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. Chrome security severity: High...

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-2311

CVE-2023-2311 concerns Google Chrome/Chromium where insufficient policy enforcement in the File System API before 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Connected sources (e.g., Astra Linux bulletin and Fedora advisories) confirm the iss...

Mozilla Firefox 后置链接漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 115, which stems from insufficient validation of symbolic links in the file system API. An attacker could exploit the vulnerability t...

CVE-2023-34602

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController...

PT-2023-24945 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.5.1 Description: A SQL injection issue was discovered in JeecgBoot via the queryFilterTableDictInfo component at org.jeecg.modules.api.controller.SystemApiController. This allows for potential SQL injection attacks...