314 matches found

BDU FSTEC
added 2024/08/26 12:0 a.m. · 2 views

A vulnerability in the Traccar GPS system’s application programming interface, related to the unrestricted upload of files of a dangerous type, allows an attacker to execute arbitrary code.

The vulnerability in the Traccar GPS system’s application programming interface is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by creating or loading arbitrary files...

10 CVSS · 8.5 AI score · 0.17631 EPSS
Exploits 5 · References 5 · Affected Software 1
OSV
added 2024/08/20 8:25 p.m. · 15 views

GO-2023-1463 KubePi may allow unauthorized access to system API in github.com/KubeOperator/kubepi

KubePi may allow unauthorized access to system API in github.com/KubeOperator/kubepi...

7.5 CVSS · 7.3 AI score · 0.03573 EPSS
Exploits 0 · References 5
OSV
added 2024/05/28 4:15 p.m. · 3 views

CVE-2024-24955

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

8.2 CVSS · 5.9 AI score · 0.00489 EPSS
Exploits 1 · References 2
OSV
added 2024/05/28 4:15 p.m. · 3 views

CVE-2024-24957

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

8.2 CVSS · 6 AI score · 0.00489 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/05/23 12:0 a.m. · 3 views

PT-2024-3884 · Automationdirect · P3-550E

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9 Description: The issue is related to out-of-bounds write vulnerabilities in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can lead to heap-based...

8.5 CVSS · 7.6 AI score · 0.00542 EPSS
Exploits 1 · References 8
OSV
added 2024/05/03 6:15 p.m. · 3 views

CVE-2024-34453

TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...

4.3 CVSS · 5.8 AI score · 0.00346 EPSS
Exploits 0 · References 2
Cvelist
added 2024/05/03 12:0 a.m. · 17 views

CVE-2024-34453

TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...

6.8 AI score · 0.00346 EPSS
Exploits 0 · References 2
OSV
added 2024/03/17 2:15 p.m. · 3 views

CVE-2024-2564

A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The explo...

7.3 CVSS · 5.4 AI score
Exploits 0 · References 3
Positive Technologies
added 2024/03/17 12:0 a.m. · 3 views

PT-2024-21060 · Unknown · Pandaxgo Pandax

Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal, allowing an attacker to access files outside...

7.3 CVSS · 6.7 AI score · 0.00507 EPSS
Exploits 0 · References 6
OSV
added 2024/02/19 7:48 p.m. · 21 views

CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8 CVSS · 8.5 AI score · 0.00716 EPSS
Exploits 1 · References 3
CNNVD
added 2023/08/18 12:0 a.m. · 4 views

Insyde InsydeH2O security vulnerability

Insyde InsydeH2O is a C-language codebase from Insyde Corporation of Taiwan that implements the "EFI/UEFI" specification, a new technology designed to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which stems from...

5.5 CVSS · 5.8 AI score · 0.00162 EPSS
Exploits 0 · References 2
OSV
added 2023/08/15 4:15 p.m. · 24 views

CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs, which lets a path traversal bypass the file permission check. This vulnerability affects all users using th...

8.8 CVSS · 7 AI score
Exploits 0 · References 4
SUSE CVE
added 2023/08/01 1:32 a.m. · 2 views

SUSE CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. Chrome security severity: High...

6.5 CVSS · 6.3 AI score · 0.01266 EPSS
Exploits 2 · References 3
OSV
added 2023/07/29 12:15 a.m. · 16 views

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS · 5.2 AI score
Exploits 0 · References 4
NVD
added 2023/07/29 12:15 a.m. · 14 views

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS · 6.2 AI score · 0.00469 EPSS
Exploits 1 · References 4
OSV
added 2023/07/29 12:15 a.m. · 8 views

DEBIAN-CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS · 6.7 AI score · 0.00469 EPSS
Exploits 1 · References 1
UbuntuCve
added 2023/07/29 12:15 a.m. · 25 views

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS · 6.6 AI score · 0.00469 EPSS
Exploits 1 · References 3
Debian CVE
added 2023/07/28 11:26 p.m. · 26 views

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS · 6.6 AI score · 0.00469 EPSS
Exploits 1
Cvelist
added 2023/07/28 11:26 p.m. · 15 views

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.7 AI score · 0.00469 EPSS
Exploits 1 · References 4
CVE
added 2023/07/28 11:26 p.m. · 98 views

CVE-2023-2311

CVE-2023-2311 concerns Google Chrome/Chromium where insufficient policy enforcement in the File System API before 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Connected sources (e.g., Astra Linux bulletin and Fedora advisories) confirm the iss...

6.5 CVSS · 6.3 AI score · 0.00469 EPSS
Exploits 1 · References 4 · Affected Software 1