Securing 3rd party API Integrations
Prophaze offers a wide range of cybersecurity solutions, including securing third-party API integrations. Helps to identify and mitigate potential security
Description XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it’s possible to inject arbitrary wiki
Description Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack. This issue affects Symphony
Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish
Description The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could
Description In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. References https://lkml.org/lkml/2023/2/22/3 For
Description Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from
Description An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if
Description A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended
Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the
Description IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on
Description An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7,
Description Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. References https://www.gov.il/en/Departments/faq/cve_advisories For More Information
Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 For More Information MITRE
Description Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a
Description Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and
Description Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user
Description Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary
Description An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users
Description Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html,
Description A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2
Description All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input
Description Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. References https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc For More Information MITRE
Description IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when