85 matches found

Tenable Nessus
added 2024/10/24 12:0 a.m. · 17 views

JetBrains YouTrack < 2024.3.47197 Arbitrary Code Execution

The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47197. It is, therefore, affected by a vulnerability as referenced in the 2024347197 advisory. - Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests (JT-85294). Note that Nessus...

CVSS 8.1 · AI score 5.9 · EPSS 0.00191
Exploits 0 · References 2

OSV
added 2024/10/17 1:15 p.m. · 2 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 6.1 · AI score 6 · EPSS 0.00191
Exploits 0 · References 1

NVD
added 2024/10/17 1:15 p.m. · 11 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 · EPSS 0.00191
Exploits 0 · References 1

CVE
added 2024/10/17 1:0 p.m. · 86 views

CVE-2024-49579

JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...

CVSS 8.1 · AI score 7.1 · EPSS 0.00191
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/10/17 1:0 p.m. · 14 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 · EPSS 0.00191
Exploits 0 · References 1

Vulnrichment
added 2024/10/17 1:0 p.m. · 20 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 · AI score 7.1 · EPSS 0.00191
Exploits 0 · References 1

Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-7356 · Jetbrains · Jetbrains Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.47197 Description: The issue is related to insufficient validation of the communication channel source in the iframe plugin of JetBrains YouTrack. This can allow an attacker to execute arbitrary...

CVSS 9.4 · AI score 7.8 · EPSS 0.00191
Exploits 0 · References 10

CVE
added 2024/10/16 6:43 a.m. · 71 views

CVE-2023-7289

The Paytium: Mollie payment forms & donations WordPress plugin (vulnerable up to 4.3.7) has an authorization flaw in the paytium_sw_save_api_keys function due to a missing capability check. This allows authenticated users with subscriber-level access to update API keys. Affected product: Paytium ...

CVSS 5.4 · AI score 4.6 · EPSS 0.00133
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/10/16 12:0 a.m. · 2 views

WordPress plugin Paytium: Mollie payment forms & donations Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 5.4 · AI score 6.6 · EPSS 0.00133
Exploits 0 · References 2

VulnCheck KEV
added 2024/10/16 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-7289

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 5.4 · AI score 5.8 · EPSS 0.00133
Exploits 0 · References 1

Vulnrichment
added 2024/10/02 4:53 p.m. · 15 views

CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

CVSS 5.7 · AI score 6.5 · EPSS 0.00268
Exploits 0 · References 1

Cvelist
added 2024/10/02 4:53 p.m. · 18 views

CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

CVSS 5.7 · EPSS 0.00268
Exploits 0 · References 1

CISA
added 2024/09/20 12:0 p.m. · 14 views

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

Versa Networks has released an advisory for a vulnerability, CVE-2024-45229, affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, repo...

CVSS 6.6 · AI score 6.9 · EPSS 0.00248
Exploits 0 · References 2

BDU FSTEC
added 2024/09/06 12:0 a.m. · 1 views

The vulnerability of the Cisco Smart License Utility software management software lies in undocumented static user credentials. This allows a malicious individual to gain unauthorized access to confidential information and to access the API without proper authorization.

The vulnerability of the Cisco Smart License Utility software management system is related to undocumented static account data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential information and unauthorized access to the API...

CVSS 10 · AI score 8.1 · EPSS 0.87147
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2024/08/22 12:0 a.m. · 3 views

PT-2024-26338 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue allows authenticated users to access sensitive information due to improper authorization controls on APIs. Recommendations: For versions 8.3 and 9.0, consider restricti...

CVSS 6.5 · AI score 6.7 · EPSS 0.0013
Exploits 0 · References 7

OSV
added 2024/06/24 3:15 a.m. · 2 views

CVE-2024-4499

A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS...

CVSS 6.3 · AI score 5.9
Exploits 0 · References 1

CNNVD
added 2024/06/14 12:0 a.m. · 2 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the presence of a method of unauthorized access to certain APIs of the multifunction device's internal programs, which could allow...

CVSS 9.8 · AI score 7.4 · EPSS 0.30575
Exploits 1 · References 4

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Ant Media Server Security Vulnerability

Ant Media Server is a real-time streaming engine software from Ant Media open source. It provides adaptive ultra-low latency streaming using WebRTC technology with a latency of approximately 0.5 seconds. A security vulnerability exists in Ant Media Server Community Edition prior to version 2.9.0...

CVSS 5.4 · AI score 5.5 · EPSS 0.00113
Exploits 0 · References 5

NVD
added 2024/02/02 2:15 p.m. · 6 views

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 8.8 · AI score 7.9 · EPSS 0.0004
Exploits 0 · References 2

Cvelist
added 2024/02/02 1:22 p.m. · 16 views

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVSS 7.5 · AI score 8.3 · EPSS 0.0004
Exploits 0 · References 2