CVE-2024-41674 : CKAN UP TO 2.10.4 PACKAGE_SEARCH INFORMATION EXPOSURE
Description CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues
Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in
Description Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with
Description Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the
Description LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. A
Description Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795.
Description The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload
In today’s digital age, application programming interfaces (APIs) play an important role in enabling applications to interact with each other.
Description The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which
Description Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user
Description A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform
Description Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge
Description tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the “Set
Description ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated
Description Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained
Description 1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some
Description In streampark, the project module integrates Maven’s compilation capabilities. The input parameter validation is not strict, allowing attackers to
Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values
Description IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation
Description The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including,
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all
Description Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project
Description The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in