16 matches found
EUVD-2022-35263
Malicious code in bioql PyPI...
CVE-2024-39208
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...
CVE-2024-39208
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...
CVE-2024-32738
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptasklean" function within MCUDBHelper...
CVE-2024-32739 CyberPower PowerPanel Enterprise SQL Injection
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptaskverbose" function within MCUDBHelper...
CVE-2024-32737
CyberPower PowerPanel Enterprise
GHSA-G687-F2GX-6WM8 Argo CD repo-server Denial of Service vulnerability
Impact: All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious,...
CVE-2022-30049
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter...
Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter...
CVE-2022-30049
CVE-2022-30049 describes a Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 triggered via the fileurl parameter. The vulnerability allows attackers to obtain the real IP address and scan intranet information through that parameter. Connected sources consistently identify Rebuild version 2.8.3...
CVE-2022-30049
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter...
CVE-2021-30224
Cross-Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials...
CVE-2021-30224
Cross-Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials...
CVE-2021-30224
The CVE-2021-30224 entry concerns Rukovoditel v2.8.3 vulnerable to Cross-Site Request Forgery (CSRF). The root cause is that the web application does not adequately verify request origin, allowing an attacker to create an admin user with arbitrary credentials. Affected software is Rukovoditel v2....