
4564 matches found

Positive Technologies
added 2023/07/25 12:0 a.m. · 3 views

PT-2023-25931 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions 12.0.26 through 12.3.2 Description: The issue allows SQL Injection via parameters such as scheduling, repeatforms, purpose, app title, or randomization. Recommendations: For versions 12.0.26 and 12.3.2, consider restricting...

CVSS 2.7 · AI score 4.5 · EPSS 0.00513
Exploits: 1 · References: 5

CNNVD
added 2023/07/25 12:0 a.m. · 2 views

Apache InLong Code Issue Vulnerability

Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions 1.4.0 to 1.7.0. The vulnerability stems from insecure...

CVSS 7.5 · AI score 6.9 · EPSS 0.01323
Exploits: 0 · References: 4

CNNVD
added 2023/07/25 12:0 a.m. · 2 views

Apache InLong SQL Injection Vulnerability

Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. A SQL injection vulnerability exists in Apache InLong versions 1.4.0 through 1.7.0, which stems from vulnerability to SQL...

CVSS 9.8 · AI score 8.6 · EPSS 0.01193
Exploits: 0 · References: 4

CNNVD
added 2023/07/24 12:0 a.m. · 2 views

Gallagher Command Centre Server Buffer Error Vulnerability

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server versions 8.80 through 8.80.1192 MR2, which stems from a stack-based buffer overflow that allow...

CVSS 7.5 · AI score 7.8 · EPSS 0.00506
Exploits: 0 · References: 3

CNNVD
added 2023/07/24 12:0 a.m. · 2 views

NodeBB Path Traversal Vulnerability

NodeBB is a forum system built using Node.js, a web application platform built on top of Google's V8 JavaScript engine, by the Design Create Play team. A path traversal vulnerability exists in NodeBB versions 2.5.0 to 2.8.7, which is caused by the use of object destructuring assignment syntax in t...

CVSS 10 · AI score 8.4 · EPSS 0.00834
Exploits: 0 · References: 4

Positive Technologies
added 2023/07/21 12:0 a.m. · 2 views

PT-2023-25026 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.8 through 15.11.10; GitLab EE versions 16.0 through 16.0.6; GitLab EE versions 16.1 through 16.1.1. Description: An issue has been discovered in GitLab EE, allowing an attacker to change the name or path of a public top-lev...

CVSS 8 · AI score 6.5 · EPSS 0.00496
Exploits: 0 · References: 9

CNNVD
added 2023/07/21 12:0 a.m. · 2 views

Galaxy Software Services Vitals ESP Trust Management Issue Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A trust management issue vulnerability exists in Vitals ESP versions 3.0.8 through 6.2.0, which arises from the use of a hard-coded encryption key that can be exploited by an...

CVSS 9.8 · AI score 8.5 · EPSS 0.00347
Exploits: 0 · References: 2

vulnersOsv
added 2023/07/20 2:54 p.m. · 0 views

@agor-live/client (>=0.16.0 <=0.19.1), @b3dotfun/b3-api (>=0.0.2 <=0.0.102) +127 more potentially affected by CVE-2023-37899 via @feathersjs/transport-commons (>=5.0.11 <=5.0.5)

@feathersjs/transport-commons NPM version =5.0.11, =0.16.0, =0.0.2, =0.0.0, =0.0.1-react-native, =0.0.1-alpha.1, =1.0.0, =0.0.10, =5.0.0-pre.0, =0.1.0, =0.1.0, =0.3.1, =0.1.0, =0.4.0-pre.0, =0.4.0-pre.3 and more Source cves: CVE-2023-37899 Source advisory: OSV:GHSA-HHR9-RH25-HVF9...

CVSS 7.5 · AI score 7.2 · EPSS 0.00963
Exploits: 1

CNNVD
added 2023/07/19 12:0 a.m. · 3 views

HashiCorp Nomad Security Vulnerability

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise that stems from an HTTP search API...

CVSS 5.3 · AI score 5.6 · EPSS 0.0047
Exploits: 0 · References: 3

CNNVD
added 2023/07/18 12:0 a.m. · 3 views

IBM Spectrum Protect Input Validation Error Vulnerability

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, is a suite of data protection platforms from International Business Machines (IBM). The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud...

CVSS 6.2 · AI score 5 · EPSS 0.00127
Exploits: 0 · References: 4

OSV
added 2023/07/17 6:15 p.m. · 1 view

CVE-2023-34141

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...

CVSS 8 · AI score 5.9 · EPSS 0.00629
Exploits: 0 · References: 1

Positive Technologies
added 2023/07/14 12:0 a.m. · 1 view

PT-2023-5117 · Wireshark +4 · Wireshark +4

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.6 Description: The issue is related to a buffer overflow in memory, which can be exploited to cause a denial of service. This can occur through packet injection or by using a crafted capture file,...

CVSS 9.8 · AI score 7.6 · EPSS 0.0462
Exploits: 37 · References: 188

vulnersOsv
added 2023/07/12 10:15 a.m. · 3 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +135 more potentially affected by CVE-2023-22888 via apache-airflow (>=1.8.2 <=2.5.3)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-22888 Source advisory: OSV:PYSEC-2023-105...

CVSS 6.5 · AI score 6.5 · EPSS 0.01044
Exploits: 0

OSV
added 2023/07/12 8:15 a.m. · 1 view

DEBIAN-CVE-2023-32200

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVSS 8.8 · AI score 8.2 · EPSS 0.00987
Exploits: 0 · References: 1

OSV
added 2023/07/10 7:8 p.m. · 39 views

GHSA-MRR8-V49W-3333 sweetalert2 contains potentially undesirable behavior

sweetalert2 versions from 11.6.14 to before 11.22.4 have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific TLDs. This functionality is documented on the project's readme...

AI score 5.9
Exploits: 0 · References: 6

Positive Technologies
added 2023/07/07 12:0 a.m. · 3 views

PT-2023-25776 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20 Description: The issue allows users with admin privilege accounts to insert XSS in the careers and promotions management section. This can potentially lead to malicious script execution. Recommendations:...

CVSS 4.8 · AI score 4.9 · EPSS 0.00333
Exploits: 0 · References: 6

Positive Technologies
added 2023/07/07 12:0 a.m. · 2 views

PT-2023-25865 · Microsoft +3 · Azure +3

Name of the Vulnerable Software and Affected Versions: OpenComputers versions 1.2.0 through 1.8.3 Description: This issue affects OpenComputers with the Internet Card feature enabled, allowing players to gain access to sensitive information exposed via metadata services' API endpoints, such as...

CVSS 9.6 · AI score 8.5 · EPSS 0.00641
Exploits: 0 · References: 9

Positive Technologies
added 2023/07/06 12:0 a.m. · 2 views

PT-2023-3898 · Unknown · Pnp4Nagios

Name of the Vulnerable Software and Affected Versions: PNP4Nagios versions 0.6.26 through 81ebfc5 Description: The issue is related to stored XSS in the AJAX controller via the basket API and filters. This can be exploited by a remote attacker to perform cross-site scripting attacks. The...

CVSS 5.4 · AI score 5.2 · EPSS 0.00449
Exploits: 1 · References: 11

OSV
added 2023/07/05 9:15 p.m. · 0 views

UBUNTU-CVE-2023-35939

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user or not for certain actions, allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8...

CVSS 8.1 · AI score 7.2 · EPSS 0.00477
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/05 12:0 a.m. · 3 views

PT-2023-4275 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.7 Description: The issue is related to a SQL injection attack that can be driven through the GLPI inventory endpoint, which by default requires no authentication. This allows a remote attacker to execute...

CVSS 10 · AI score 7.9 · EPSS 0.99521
Exploits: 27 · References: 160