HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by…
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An…
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field is exceeded the allowable `ltree` field type indexing limit (path length>=120, approximately…
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not…
Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <=Â 1.9.1 versions. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database