8022 matches found
CVE-2021-32958 Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With acces...
CVE-2022-29165
creationtimestamp | type | source
---|---|---
2022-05-20 18:31:32+00:00 | seen | https://t.me/cibsecurity/43061
2024-04-04 16:48:44+00:00 | published-proof-of-concept | https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/argocdexposedui...
Trudesk Security Vulnerability
Chris Brame Trudesk is an open source helpdesk/ticketing solution from Chris Brame, USA. A security vulnerability exists in versions prior to Trudesk 1.2.2, which stems from an improper restriction in the UI layer or frames...
smallrye-health-ui: persistent cross-site scripting in endpoint
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2022-29174
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-24856 Server-Side Request Forgery in FlyteConsole
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server...
Malicious code in eslint-plugin-seller-ui-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a2a70b6c59d84f180c6375345e6df311615b32f69cd6d6da58fd50cc54a12ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
A vulnerability in the Tablet Windows User Interface Application Core component of Windows operating systems allows attackers to elevate their privileges.
The vulnerability in the Tablet Windows User Interface Application Core component of Windows operating systems is related to synchronization errors when using shared resources ("race conditions"). Exploiting this vulnerability can allow attackers to gain increased privileges...
Security Bulletin: Cross-Site Scripting Vulnerability Affects the Dashboard User Interface of IBM Sterling B2B Integrator (CVE-2021-20553)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-20553 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...
Security Bulletin: Access Control Security Vulnerability Exists in Dashboard User Interface of IBM Sterling B2B Integrator (CVE-2020-4646)
Summary IBM Sterling B2B Integrator has addressed the vulnerability. Vulnerability Details CVEID: CVE-2020-4646 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to view pages they should not have access to due to improper authorization control. CVSS Bas...
CVE-2021-30361
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS...
CVE-2022-22320
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367...
PHOENIX CONTACT RAD-ISM-900-EN-* Security Vulnerability
The PHOENIX CONTACT RAD-ISM-900-EN- is a series of wireless modular Ethernet transceivers from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT's RAD-ISM-900-EN- devices, which stems from an incorrect validation of integrity check values. An attacker could exploit the...
PHOENIX CONTACT RAD-ISM-900-EN-* Input Validation Error Vulnerability
The PHOENIX CONTACT RAD-ISM-900-EN- is a series of wireless modular Ethernet transceivers from PHOENIX CONTACT, Germany. An input validation error vulnerability exists in PHOENIX CONTACT's RAD-ISM-900-EN- device that stems from incorrect input validation. An attacker could exploit this...
CVE-2022-29126
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability...
CVE-2021-39024
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
IBM Guardium Data Encryption Cross-Site Scripting Vulnerability
IBM Security Guardium Data Encryption is an application from IBM, USA, that provides a modular set of encryption, tokenization, and key management solutions that enable organizations to protect data in local and hybrid multi-cloud environments. IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0....
KLA12526 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface. Below is a complete list of...
SAP Web Dispatcher Cross-Site Scripting Vulnerability
SAP Web Dispatcher is a core component of Load Balancing from SAP, which supports load balancing and provides reverse proxy functionality to enable external users to access internal applications. A cross-site scripting vulnerability exists in SAP Web Dispatcher and SAP Netweaver AS for ABAP and...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc., USA. Google Chrome suffers from a resource management error vulnerability that stems from a use-after-free in Browser UI. A remote attacker can exploit this vulnerability to trick a victim into visiting a specially crafted web page, triggering a...