Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in...
May 23, 2025
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to rea ...
May 23, 2025
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation lead ...
May 23, 2025
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists b ...
May 23, 2025
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset ...
May 23, 2025
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to per ...
May 23, 2025
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST...
May 23, 2025
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request...
May 23, 2025