CVE-2024-4898-Poc CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrati ...
June 14, 2024
Vulnerabilities for packages: opensearch, management-api-for-apache-cassandra, cloudwatch-exporter, selenium, wavefront-proxy, neo4j, spark,...
June 14, 2024
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool ca ...
June 14, 2024
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by the /api/v1/settings endpoint without authentica ...
June 14, 2024
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an adm ...
June 14, 2024
It appears that some hardcoded keys are used for authentication to the internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the ...
June 14, 2024
Toshiba printers provide an API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/mode ...
June 14, 2024