A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through ...
Continue Reading
December 15, 2023
CVE-2023-5561-PoC WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published ...
Continue Reading
December 15, 2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to ...
Continue Reading
December 15, 2023
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, productio ...
Continue Reading
December 15, 2023
Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Patches The issue has been patched in the v0.34.34 and it's recomme ...
Continue Reading
December 15, 2023
Default table permissions in SurrealDB were FULL instead of NONE. This would lead to tables having FULL permissions for SELECT, CREATE, UPDATE and DELETE unless some other permissions were specified v ...
Continue Reading
December 15, 2023
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a ...
Continue Reading
December 15, 2023
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error messag ...
Continue Reading
December 15, 2023
Back to Main
