An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and...
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making...
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025. More information : https://www.usom.gov.tr/bildirim/tr-25-0309
Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method. More information : https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-authentication-gtts-group-opensiac
Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint ‘/sociopro/profile/update_profile’, affecting to ‘name’ parameter via POST. This vulnerability could allow a remote user to send...
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic...
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the “/ekushey/index.php/client/project_bug/create/xxx”, affecting to “title” and “description” parameters via POST. This vulnerability could...
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the “/ekushey/index.php/client/project_file/upload/xxxx”, affecting to “description” parameter via POST. This vulnerability could allow a...
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the “/ekushey/index.php/client/project_message/add/xxx”, affecting to “message” parameter via POST. This vulnerability could allow a...
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin’s system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0...
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin’s system and project admin access is well protected. Users are...
Privilege Escalation in operations API in Canonical LXD
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints. More information : https://github.com/canonical/lxd/security/advisories/GHSA-p3x5-mvmp-5f35
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. More information : https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7