kafka-ui OS Command Injection Vulnerability
kafka-ui is an open source Web UI for Apache Kafka. A security vulnerability exists in kafka-ui versions 0.4.0 through 0.7.1 that could allow a remote attacker to execute arbitrary code via the parameter q in /api/clusters/local/topics/messages...
PT-2024-1870 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.4 through 16.7.5; GitLab EE versions 16.8 through 16.8.2; GitLab EE versions 16.9 through 16.9.0. Description: An issue has been discovered in GitLab EE, where users with the Guest role can change Custom dashboard projects...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the U.S.-based Apache Software Foundation for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions 2.3.0 up to and including 2.6....
Hitron Systems DVR Security Vulnerability
Hitron Systems DVR is a digital video recorder from Hitron Systems, a South Korean company. A security vulnerability exists in Hitron Systems DVR HVR-8781 versions 1.03 through 4.02, which stems from incorrect input validation. An attacker could exploit the vulnerability to trigger a cyber attack...
PT-2024-19557
Name of the Vulnerable Software and Affected Versions: Hitron Systems DVR LGUVR-8H versions 1.02 through 4.02. Description: The issue is related to improper input validation, which can allow an attacker to cause a network attack if the default admin ID and password are used. Recommendations: For...
PT-2024-1633 · Apache · Apache Brpc
Name of the Vulnerable Software and Affected Versions: Apache bRPC versions 0.9.5 through 1.7.0 Description: The issue arises from the http parser not complying with the RFC-7230 HTTP 1.1 specification, specifically when handling messages with both Transfer-Encoding and Content-Length header...
CVE-2024-20950
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Custom...
Oracle Audit Vault and Database Firewall Security Vulnerabilities
Oracle Audit Vault and Database Firewall is a database security solution from Oracle Corporation. A security vulnerability exists in Oracle Audit Vault and Database Firewall versions 20.1 through 20.9. An attacker could exploit the vulnerability to perform unauthorized updates, insertions, or...
PT-2024-1145 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via HTT...
advanced-data-generator (=1.0.0), agixt (=1.2.3) +169 more potentially affected by unknown CVE via streamlit (>=0.63.1 <=1.2.0)
streamlit PYPI version =0.63.1, =0.8.0, =0.4.1, =0.2.0, =0.0.2, =0.1.0, =0.5.0, =0.1.0, =0.2.0, =0.2.8 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8QW9-GF7W-42X5...
CVE-2023-49131
A vulnerability has been identified in Solid Edge SE2023 (all versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...
appw (>=0.0.1 <=0.0.2), appwrite-sync (=0.4.5) +8 more potentially affected by CVE-2023-50974 via appwrite (>=0.10.0 <=2.0.2)
appwrite PYPI version =0.10.0, =0.0.1, =0.1.0, =1.1.5, =0.0.36, =0.1.0, =0.1.4, =1.0.0, =2.0.1 - views-stepshifter =1.1.0 Source cves: CVE-2023-50974 Source advisory: OSV:PYSEC-2024-2...
IBM Storage Fusion Security Vulnerability
IBM Storage Fusion is a fully integrated platform from International Business Machines (IBM) for running and maintaining all native Red Hat OpenShift applications. A security vulnerability exists in IBM Storage Fusion HCI versions 2.1.0 through 2.6.1, which stems from the system containing hard-cod...
Apache InLong Code Injection Vulnerability
Apache InLong is a one-stop massive data integration framework from the U.S.-based Apache Software Foundation. It provides automated, secure and reliable data transfer capabilities. A code injection vulnerability exists in Apache InLong versions 1.5.0 through 1.9.0, which stems from the presence of a code...
org.jeecgframework.boot:jeecg-boot-starter-cloud (>=3.4.0 <=3.5.3), org.jeecgframework.boot:jeecg-boot-starter-lock (>=3.4.0 <=3.5.3) +1 more potentially affected by CVE-2023-41544 via org.jeecgframework.boot:jeecg-boot-common (>=3.4.0 <=3.5.3)
org.jeecgframework.boot:jeecg-boot-common MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.5.3 Source cves: CVE-2023-41544 Source advisory: OSV:GHSA-49JP-CGHC-P5PJ...
@askcodebase/wrangler (>=3.15.0 <=3.15.8), @astrojs/cloudflare (>=0.0.0-404-fix-20231115224256 <=8.0.1) +17 more potentially affected by CVE-2023-7078 via miniflare (>=3.20230904.0 <=3.20231030.1)
miniflare NPM version =3.20230904.0, =3.15.0, =0.0.0-404-fix-20231115224256, =1.0.274, =0.0.0-1e516e3, =0.9.0, =0.0.5, =0.2.0, =0.0.1, =0.0.6, =0.0.0-next-0ae7cbe-20231025215955, =0.0.0-next-0ae7cbe-20231025215955, =0.0.1, =0.0.1, =1.0.6, =2.0.7-alpha.1 and more Source cves: CVE-2023-7078 Source...
CVE-2023-44088
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774...
CVE-2023-7102
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...
PT-2023-32828 · WordPress +1 · Backup Migration +1
Name of the Vulnerable Software and Affected Versions: Backup Migration plugin for WordPress versions 1.0.8 through 1.3.9 Description: The issue allows unauthenticated attackers to include remote files on the server, resulting in code execution, via the content-dir HTTP header. Successful...
@abcpros/xpicash (>=1.1.1 <=1.1.2), @bcash-org/bcash (=1.0.0-pre) +69 more potentially affected by CVE-2023-50475 via bsock (>=0.0.2 <=0.1.11)
bsock NPM version =0.0.2, =1.1.1, =0.0.12, =1.0.0, =1.0.0, =0.0.12, =0.0.1, =1.0.1, =0.0.1, =1.0.2, =1.1.1 and more Source cves: CVE-2023-50475 Source advisory: OSV:GHSA-JJ93-39PF-7MCF...