CVE-2024-42490 : GOAUTHENTIK API ENDPOINT IMPROPER AUTHORIZATION
Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main
Description A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2
Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored
Description Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. References https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt
Description Mattermost versions 9.9.x
Description A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown
Description The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to
Description Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with
Description A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications
Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to
Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,
Description DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to
Description Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user
Description Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a
Description CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues
Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may
Description Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary
Description Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local
Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in
Description Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with
Description Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the
Description An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and
Description An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate
Description LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A