17 matches found
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
EUVD-2020-29639
Malware in sbrugna...
EUVD-2024-43465
Malicious code in bioql PyPI...
CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
JetBrains YouTrack < 2024.3.47197 Arbitrary Code Execution
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47197. It is, therefore, affected by a vulnerability as referenced in the 2024347197 advisory. - Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests JT-85294 Note that Nessus...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
PT-2024-7356 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.47197 Description: The issue is related to insufficient validation of the communication channel source in the iframe plugin of JetBrains YouTrack. This can allow an attacker to execute arbitrary...
CVE-2020-14325
A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request. Mitigation Red Hat recommends upgrading to secured released versions, however, this flaw can be...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...