Azure DevOps Services Attack Toolkit - ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to specify an attack ...
April 06, 2024
pgAdmin is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation within the binary path API, which allows attackers to execute arbitrary code on the ...
April 06, 2024
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-sup ...
April 05, 2024
A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event ...
April 05, 2024
Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critic ...
April 05, 2024
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to g ...
April 05, 2024
Summary: The DELETE /api/snapshots/{key} endpoint allows any Grafana user to delete snapshots if the user is NOT in the organization of the snapshot. Details: An attacker (a user without organization aff ...
April 05, 2024