15 matches found
CVE-2024-27609
Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...
Comarch ERP XL Security Vulnerability
Comarch ERP XL is an enterprise resource planning (ERP) software from Comarch Poland. A security vulnerability exists in Comarch ERP XL versions 2020.2.2 through 2023.2, which stems from a vulnerability that allows an attacker to retrieve plain text passwords...
PT-2024-13241
Name of the Vulnerable Software and Affected Versions: Comarch ERP XL versions 2020.2.2 through 2023.2 Description: The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication. This makes the communication...
JetBrains IntelliJ IDEA < 2023.2 Execution with Unnecessary Privileges (macOS)
The version of JetBrains IntelliJ IDEA installed on the remote macOS host is prior to 2023.2. It is, therefore, affected by an execution with unnecessary privileges vulnerability, due to the bundled Space plugin requesting excessive permissions. An authenticated, local attacker could exploit this...
CVE-2023-50092
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS)...
APIIDA API Gateway Manager Security Vulnerability
APIIDA API Gateway Manager for Broadcom Layer7 is an APIIDA API gateway manager for Broadcom Layer7 from APIIDA Germany. It enables fast and reliable API deployment and migration as well as comprehensive API monitoring and alerting. A security vulnerability exists in APIIDA API Gateway Manager...
CVE-2023-35767
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner...
PT-2023-25298 · Perforce · Helix Core
Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2023.2 Description: An unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. The issue was reported by Jason Geffner. Recommendations: For Helix Core versions prior to 2023.2, upda...
Perforce Software Perforce Helix Resource Management Error Vulnerability
Perforce Software Perforce Helix is an application software from Perforce Software, Inc. It provides application lifecycle management for products. A resource management error vulnerability exists in Perforce Software Perforce Helix Core prior to version 2023.2, which stems from a vulnerability...
SolarWinds Database Performance Analyzer Cross-Site Scripting Vulnerability
SolarWinds Database Performance Analyzer is an application from SolarWinds USA. A security vulnerability exists in SolarWinds Database Performance Analyzer version 2023.2 that stems from insufficient input validation. An attacker can exploit this vulnerability to perform cross-site scripting...
PT-2023-24235 · Dpa · Dpa
Name of the Vulnerable Software and Affected Versions: DPA version 2023.2 Description: The issue is related to an XSS attack that was possible due to insufficient input validation. Recommendations: For DPA version 2023.2, update to a version that includes sufficient input validation to prevent XS...
CVE-2023-2760
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
SQL injection
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
CVE-2023-2760 TAPHOME SQL Injection in Core Platform
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to...
PT-2023-21240 · Taphome · Taphome
Name of the Vulnerable Software and Affected Versions: TapHome versions prior to 2023.2 Description: An SQL injection issue exists in the HandleMessageUpdateDevicePropertiesRequest function, allowing low-privileged users to inject arbitrary SQL directives into an SQL query. This enables the...