Delinea PAM Secret Server Security Vulnerability
Delinea PAM Secret Server is a key service manager from Delinea. An Access Control Error vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to view system reports and modify customized reports via the Reports feature in the Web UI when Unrestrict...
CVE-2023-38723
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2621...
PT-2024-2573 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.8.0 through 2.8.2 Description: The issue is related to insufficient access control in Apache Airflow, allowing an authenticated user with limited permissions to access resources such as variables, connections, etc...
IBM Maximo Application Suite Cross-Site Scripting Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 7.6.1.3, which stems...
CVE-2023-49785
NextChat/ChatGPT-Next-Web (CVE-2023-49785) is affected in versions 2.11.2 and earlier. The vulnerability enables Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) via the /api/cors endpoint, allowing read access to internal HTTP endpoints and, in some cases, write access. Attack...
UBUNTU-CVE-2024-23254
The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin...
[SECURITY] Fedora 40 Update: eclipse-swt-4.29-4.fc40
SWT is an open source widget toolkit for Java designed to provide efficient, portable access to the user-interface facilities of the operating systems on which it is implemented...
CVE-2024-2241
Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions...
Improper access control
Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions...
CVE-2024-2241
CVE-2024-2241 affects Devolutions Workspace (versions up to and including 2024.1.0). The vulnerability is due to improper access control in the user interface, allowing an authenticated user to perform unintended actions through specific permissions. The Red Hat/NVD entries corroborate the same d...
Apple visionOS Security Vulnerability
Apple visionOS is an operating system for AR glasses from Apple USA. A security vulnerability exists in Apple visionOS version 1.1, which stems from an application that may be able to spoof system notifications and UI...
KLA64845 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in V8 can be exploited to cause denial...
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, a...
BIT-GITLAB-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...
BIT-JUPYTERLAB-2021-32797 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions, an untrusted notebook can execute code on load. In particular, JupyterLab doesn't sanitize the action attribute of html <form>. Using this it is possible to trigger the form...
IBM Engineering Requirements Management DOORS Cross-Site Scripting Vulnerability
IBM Engineering Requirements Management DOORS is a requirements management tool. A cross-site scripting vulnerability exists in IBM Engineering Requirements Management DOORS, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...
Huawei EMUI Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
The vulnerability of Windows operating system printing services allows attackers to perform spoofing attacks.
The vulnerability of Windows operating system printing services is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
CVE-2023-38360
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769...