5 matches found
CVE-2024-21879
Enphase IQ Gateway (Envoy) is affected by CVE-2024-21879, a Command Injection vulnerability exploitable via a URL parameter on an authenticated endpoint. Affected versions are 4.x through 8.x and any version before 8.2.4225. The root cause is improper neutralization of special elements in the URL...
Cross-site request forgery (CSRF)
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function...
CVE-2022-41413
CVE-2022-41413 affects perfSONAR v4.x through v4.4.5, with a Cross-Site Request Forgery (CSRF) vulnerability triggered when crafted input is injected into the Search function. The issue is a partial blind CSRF that can cause the client to issue background requests to arbitrary URLs, bypassing the...
GHSA-455W-C45V-86RG fastify vulnerable to denial of service via malicious Content-Type
Impact: An attacker can send an invalid Content-Type header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected. This was updated: upon a close inspection, v3.x is not affected after all. Patches: Yes, update to v4.8.0. Workarounds...
XTB Trade Brokers v4.x - Critical Pointer Vulnerability
Document Title: XTB Trade Brokers v4.x - Critical Pointer Vulnerability. Release Date: 2011-07-28. Vulnerability Laboratory ID (VL-ID): 41. Product & Service Introduction: XTB4 is one of the most famous...