431 matches found
CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...
CVE-2024-42222
CVE-2024-42222 affects Apache CloudStack 4.19.1.0, where a regression in the network listing API allows unauthorised listing of network details for domain admins and normal users, compromising tenant isolation and potentially exposing network configurations and data. The issue has been fixed in C...
CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...
CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...
CVE-2024-7127
Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting XSS attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthoris...
CVE-2024-7127
CVE-2024-7127 describes an XSS flaw in Stackposts Social Marketing Tool caused by improper neutralization of input during web page generation. Submitting a payload in the username at registration can be executed later in the application panel, potentially leading to unauthorized disclosure of inf...
CVE-2024-7127 XSS in Stackposts - Social Marketing Tool
Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting XSS attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthoris...
CVE-2024-5735
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...
CVE-2024-5735 Full Path Disclosure in AdmirorFrames Joomla! Extension
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...
Malicious code in cue-vana-3-john-wick-4-iv-2023-ver-en-espanol-latino-descargar-la-pelicula-completa-esp127456 (npm)
--- -= Per source details. Do not edit below this line.=-...
GitLab < 13.11.6 (CVE-2021-22228)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...
CVE-2024-3263
CVE-2024-3263 affects YMS VIS Pro due to improper system-credentials generation and weak password policy, enabling brute-force login attempts. Public details identify affected versions as VIS Pro 3.3.0.7). There is no explicit exploitation details or public in-the-wild exploit information provide...
Exploit for Path Traversal in Jetbrains Teamcity
RCity - CVE-2024-27198 RCE & Admin Account Creation & CVE-20...
USN-6735-1: Node.js vulnerabilities
It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue...
BIT-GITLAB-2021-22188
An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs...
BIT-GITLAB-2022-1545
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note...
BIT-GITLAB-2022-2907
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted...
CVE-2024-25128
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
CVE-2024-25128
Removed by vendor...