135 matches found
Openfire Administration Console - Authentication Bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
EUVD-2021-16061
Malware in sbrugna...
EUVD-2023-2726
Malicious code in bioql PyPI...
EUVD-2021-28256
Malicious code in bioql PyPI...
EUVD-2022-28588
Malicious code in bioql PyPI...
EUVD-2024-46369
Malicious code in bioql PyPI...
EUVD-2021-8676
Malicious code in bioql PyPI...
CVE-2022-24708
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping the primary group name for display. Because of that, a logged-in user could modify the primary group name with element...
CVE-2024-11146
TrueFiling (cloud-hosted filing system) prior to version 3.1.112.19 trusts client-controlled identifiers passed in URLs, enabling authenticated users to manipulate identifiers to gain partial access to case information and to partially change user access. The issue is a user-controlled authorizat...
Siemens Location Intelligence suffers from insufficient encryption strength vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from an insufficient encryption strength vulnerability, which can be exploited by ...
CVE-2024-33800
A SQL injection vulnerability in /model/getstudent1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...
FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17936)
Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. It supports interactive data analysis and collaborative documents. Apache Zeppelin has an input validation vulnerability that can be exploited by an attacker to update the cron API usi...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)
Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. It supports interactive data analysis and collaborative documents. Apache Zeppelin suffers from an input validation vulnerability that can be exploited by an attacker to execute a...
Siemens Location Intelligence Uses Hard-Coded Credentials Vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a use of hard-coded credentials vulnerability, which can be exploited by an attacke...
Siemens SINEC INS Denial of Service Vulnerability
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...
Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97253)
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...
CVE-2023-45823
CVE-2023-45823 affects Artifact Hub. A bug allowed reading arbitrary files when processing git-based repositories loaded into Artifact Hub, due to insufficient validation of symbolic links in certain repositories. The root cause is a lack of validation of symbolic links during repository cloning/pr...
CVE-2023-45823 Arbitrary file read in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
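The two CVE-2023-45823 entries above describe the same root cause: a symbolic link committed to a repository is followed when the repository is processed, so a link pointing at a path outside the clone leaks that file. The check below is an added example of how a repository processor can reject such links before reading anything; it is written here for illustration and is not Artifact Hub's own code. The sample repository it builds (an honest relative link, an absolute link to a file outside the clone, a link that climbs above the root, and a dangling link) is constructed for the demo.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// findEscapingSymlinks walks a cloned repository and returns the
// repository-relative paths of every symbolic link that does not resolve to a
// location inside the repository root. Dangling links are reported as well,
// because a later step that creates the target could turn them into an escape.
func findEscapingSymlinks(root string) ([]string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return nil, err
	}
	// Canonicalise the root itself so the comparison below is between resolved
	// paths (e.g. /tmp vs /private/tmp on macOS).
	absRoot, err = filepath.EvalSymlinks(absRoot)
	if err != nil {
		return nil, err
	}
	var bad []string
	err = filepath.WalkDir(absRoot, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.Type()&fs.ModeSymlink == 0 {
			return nil // regular file or directory; WalkDir never descends into links
		}
		rel, _ := filepath.Rel(absRoot, p)
		rel = filepath.ToSlash(rel)
		target, err := filepath.EvalSymlinks(p) // follows chains of links to the final target
		if err != nil {
			bad = append(bad, rel+" (dangling)")
			return nil
		}
		// Compare against root plus separator so that /repo does not accept /repo-evil.
		if target != absRoot && !strings.HasPrefix(target, absRoot+string(os.PathSeparator)) {
			bad = append(bad, rel)
		}
		return nil
	})
	return bad, err
}

// buildDemoRepo creates a constructed sample repository under root for the demo:
// an honest relative link, an absolute link to outsideFile, a relative link that
// climbs above the root, and a dangling link.
func buildDemoRepo(root, outsideFile string) error {
	if err := os.MkdirAll(filepath.Join(root, "charts"), 0o755); err != nil {
		return err
	}
	if err := os.WriteFile(filepath.Join(root, "README.md"), []byte("demo\n"), 0o644); err != nil {
		return err
	}
	links := map[string]string{
		"charts/ok-link":     "../README.md",
		"charts/values.yaml": outsideFile,
		"escape":             "..",
		"charts/dangling":    "does-not-exist",
	}
	for name, target := range links {
		if err := os.Symlink(target, filepath.Join(root, filepath.FromSlash(name))); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	root, _ := os.MkdirTemp("", "repo-")
	outside, _ := os.MkdirTemp("", "outside-")
	defer os.RemoveAll(root)
	defer os.RemoveAll(outside)
	secret := filepath.Join(outside, "secret.txt")
	_ = os.WriteFile(secret, []byte("s3cret\n"), 0o600)
	if err := buildDemoRepo(root, secret); err != nil {
		panic(err)
	}
	bad, err := findEscapingSymlinks(root)
	if err != nil {
		panic(err)
	}
	for _, b := range bad {
		fmt.Println("rejecting symlink:", b)
	}
}
```

The important design choice is resolving each link with EvalSymlinks and comparing the resolved path against the resolved root, rather than inspecting the link text for "..": a link to an absolute path, a chain of links, or a path that only climbs out after several hops all end up outside the root and are caught the same way.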
CVE-2023-45821
Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check, where the code only checks whether the registry domain ends with docker.io, enabling credential hijacking via a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...
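The flaw above is a suffix check standing in for a host check: any registry name ending in the string "docker.io", such as "evil-docker.io", passes, so the stored Docker Hub credentials are handed to an attacker-controlled registry. The example below is added here to show the weak pattern beside a hardened version; it is an illustrative reconstruction, not Artifact Hub's actual registryIsDockerHub code, and the allow-list of Docker Hub hosts and the credential values are assumptions made for the demo.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// credentials is a constructed stand-in for a stored registry username/password.
type credentials struct{ Username, Password string }

// isDockerHubSuffixOnly reproduces the weak pattern the advisory describes: the
// registry is treated as Docker Hub whenever its name merely ends in "docker.io".
func isDockerHubSuffixOnly(registry string) bool {
	return strings.HasSuffix(registry, "docker.io")
}

// dockerHubHosts is an assumed allow-list of exact Docker Hub hosts.
var dockerHubHosts = map[string]bool{
	"docker.io":            true,
	"index.docker.io":      true,
	"registry-1.docker.io": true,
}

// isDockerHub parses the registry reference, extracts the host without port,
// lowercases it and compares it exactly against the allow-list, so that
// look-alikes such as "evil-docker.io" or "notdocker.io" are not matched.
func isDockerHub(registry string) (bool, error) {
	ref := registry
	if !strings.Contains(ref, "://") {
		ref = "https://" + ref // bare "host/path" form, as in an OCI reference
	}
	u, err := url.Parse(ref)
	if err != nil {
		return false, err
	}
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), ".")) // Hostname() drops any port
	return dockerHubHosts[host], nil
}

// credentialsFor picks the stored credentials to send to a registry using the
// supplied check. With the weak check, a registry whose name ends in docker.io
// receives the real Docker Hub credentials.
func credentialsFor(registry string, check func(string) bool, hub credentials) (credentials, bool) {
	if check(registry) {
		return hub, true
	}
	return credentials{}, false
}

func main() {
	hub := credentials{Username: "hubuser", Password: "hubtoken"} // constructed values
	for _, reg := range []string{"docker.io", "index.docker.io", "evil-docker.io", "docker.io.attacker.example"} {
		weak := isDockerHubSuffixOnly(reg)
		strict, _ := isDockerHub(reg)
		fmt.Printf("%-28s suffix-check=%-5v exact-check=%v\n", reg, weak, strict)
	}
	if _, leaked := credentialsFor("evil-docker.io", isDockerHubSuffixOnly, hub); leaked {
		fmt.Println("weak check: Docker Hub credentials would be sent to evil-docker.io")
	}
}
```

The hardened check parses the reference first and compares the extracted host exactly; matching on the raw string, even with a leading dot added ("." + "docker.io"), still accepts a registry such as "attacker.example/docker.io" in reference forms where the path is not separated from the host, which is why the comparison is done on the parsed host rather than on the string.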