CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jun 2, 2026

Klaw Improper Access Control Vulnerability Allowing Password Hash Disclosure

An improper access control vulnerability has been identified in Klaw, a self-service Apache Kafka topic management tool, in versions through 2.10.3. This vulnerability allows for the unauthorized disclosure of password hashes. The issue has been addressed in version 2.10.4, where the affected endpoint was removed from the application.

3.4
Jun 2, 2026

Klaw Username Case Sensitivity Vulnerability Leading to Account Lockout

A denial-of-service vulnerability has been identified in Klaw, a self-service Apache Kafka topic management tool, prior to version 2.10.4. The issue arises from inconsistent handling of username case sensitivity in the user registration and login processes. This discrepancy allows a malicious actor to register an account using a variation of an existing username's case, resulting in both accounts becoming completely inaccessible. The original and the case-variant accounts cannot be logged into, and this collision disrupts administrative tools, preventing the deletion of either account through the application interface.

2.5
Jun 2, 2026

WP Swings Wallet System for WooCommerce Broken Authentication Vulnerability

A vulnerability allowing authentication bypass via an alternate path or channel has been identified in the WP Swings Wallet System for WooCommerce, affecting versions through 2.7.5. This vulnerability allows exploitation of the password recovery feature, potentially leading to unauthorized actions being performed by users with lower privileges.

2.7
Jun 2, 2026

Liquid Web / StellarWP BookIt Authentication Bypass Vulnerability Allowing Password Recovery

An authentication bypass vulnerability has been identified in the Liquid Web / StellarWP BookIt plugin, specifically in versions prior to 2.5.4.1. This vulnerability allows for password recovery exploitation by bypassing authentication mechanisms.

3.5
Jun 2, 2026

Genetec Security Center Server Credential Exposure Vulnerability

A vulnerability exists in Genetec Security Center main server installations, versions 5.7 SR6 through 5.13, allowing an attacker with local OS privileges to access Server Admin credentials. This issue arises from certain installation package builds that logged sensitive information under specific conditions. A third-party source identified the vulnerability, but there is no current evidence of active exploitation.

3.0
Jun 2, 2026

Transmission Clickjacking Vulnerability in WebUI and RPC Responses

A clickjacking vulnerability has been identified in Transmission version 4.1.1. The issue arises because the browser-facing WebUI and RPC response paths do not include anti-clickjacking headers, leaving them susceptible to being embedded in an attacker-controlled page. This omission can be exploited to perform clickjacking attacks on authenticated users, potentially leading to unauthorized actions being taken on their behalf.

6.2
Jun 2, 2026

VIVOTEK FD8136 Path Traversal Vulnerability in downloadMedias.cgi Endpoint

A path traversal vulnerability has been identified in the VIVOTEK FD8136 camera firmware version 0300a. The issue resides in the /admin/downloadMedias.cgi endpoint, where authenticated attackers can send crafted requests to read arbitrary files from the device's filesystem. The vulnerability arises because the endpoint's path validation only checks that the user-supplied path begins with '/mnt/auto/', without properly sanitizing the input. This allows exploitation by traversing out of the intended directory to access sensitive files, such as '/etc/passwd' and other critical configuration files.

3.5
Jun 2, 2026

VIVOTEK FD8136 Motion Privacy CGI Stack-Based Buffer Overflow Vulnerability Allowing Root Code Execution

A stack-based buffer overflow vulnerability has been identified in the VIVOTEK FD8136 camera firmware FD8136-VVTK-0300a. This vulnerability resides in the motion_privacy.cgi binary, which is accessed through the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, and /cgi-bin/admin/setmd_profile.cgi endpoints, all of which are symlinked to the same binary. The issue allows authenticated remote attackers to execute arbitrary code as root by exploiting an oversized n1 parameter in a POST request. The vulnerability arises because the parameter value is copied into a fixed-size stack buffer of 0xa4 bytes without proper bounds checking, overwriting the saved link register. Additionally, the binary is compiled without stack canaries, leaving it susceptible to exploitation.

2.7
Jun 2, 2026

NamelessMC OAuth Login CSRF Vulnerability Allowing Session Swapping

A vulnerability in NamelessMC's OAuth callback handling in versions through 2.2.4 allows for Cross-Site Request Forgery (CSRF) attacks during the OAuth login process. The issue arises because the application does not validate the 'state' parameter on the server side before exchanging the authorization code. This oversight enables an attacker to capture a valid OAuth callback URL and trick a victim's browser into authenticating as the attacker's account. The vulnerability has been patched in version 2.2.5.

4.6
Jun 2, 2026

NamelessMC Forum Module Post Content Disclosure Vulnerability

A vulnerability in NamelessMC version 2.2.4 allows low-privileged authenticated users to access hidden forum posts through the 'get_quotes.php' endpoint. The issue arises because the forum module does not properly enforce access control lists (ACLs) for forums or topics. While the 'view_topic.php' page correctly manages forum visibility and topic access rights, 'get_quotes.php' only verifies if a user is logged in before retrieving post content based on an attacker-specified post ID. This flaw enables enumeration of post IDs and access to content from private, hidden, or staff-only forums.

4.3
Jun 2, 2026

VIVOTEK FD8136 Remote Buffer Overflow Vulnerability in setdo.cgi Endpoint Allowing Root Code Execution

A remote buffer overflow vulnerability has been identified in the VIVOTEK FD8136 camera model, specifically in the admin interface endpoint /cgi-bin/dido/setdo.cgi. This vulnerability affects cameras running firmware version FD8136-VVTK-0300a. The issue allows an authenticated attacker to execute arbitrary code as root on the device. The vulnerability arises because the affected CGI endpoint manages the camera's digital input/output configuration but fails to properly validate the length of the data being sent in POST requests. As a result, an attacker can overwrite a fixed-size stack buffer, manipulate the saved link register, and execute malicious code with root privileges.

3.7
Jun 2, 2026

VIVOTEK FD8136 Remote Buffer Overflow Vulnerability in eventtask.cgi Endpoint

A post-authentication remote buffer overflow vulnerability has been identified in the VIVOTEK FD8136 camera model, specifically in the eventtask.cgi endpoint of the admin interface. This vulnerability is present in cameras running firmware version FD8136-VVTK-0300a. The flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely. The vulnerability arises because the eventtask.cgi binary processes POST requests by reading the raw request body into a fixed-size stack buffer of approximately 136 bytes, without proper length validation. This oversight enables attackers to overflow the buffer, overwrite the saved link register, and execute arbitrary commands with root privileges. The absence of stack canaries or other memory protections in the binary facilitates exploitation.

2.7
Jun 2, 2026

VIVOTEK FD8136 Buffer Overflow Vulnerability Allowing Remote Code Execution

A buffer overflow vulnerability has been identified in the VIVOTEK FD8136 camera, specifically in the component set_getparam.cgi. This vulnerability allows remote attackers to execute arbitrary code on the device. The issue arises from the cgi-bin/anonymous/setparam.cgi endpoint, which lacks proper input validation. The vulnerability is present in firmware version FD8136-VVTK-0300a and possibly other versions.

5.1
Jun 2, 2026

Verizon IMS VoLTE SIP Signaling Integrity Protection Vulnerability

A vulnerability exists in the SIP signaling stack of Verizon's IMS network, affecting an unspecified version. The issue arises because SIP signaling is implemented without IPsec integrity protection, missing essential Security-Client/Security-Server headers and ESP traffic. This lack of protection allows an on-path attacker to compromise the confidentiality, integrity, and authenticity of VoLTE signaling. Unsecured SIP messages can be passively monitored and actively manipulated over the radio and core network.

2.3
Jun 2, 2026

Amazon Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths

A vulnerability exists in Amazon Kiro IDE versions prior to 0.11, where insufficient access control in the file write tool may allow remote unauthenticated actors to execute arbitrary commands. This is achieved by crafting instructions that write to execution-sensitive paths, such as .vscode/tasks.json, which can trigger auto-execution when the folder is opened.

3.1
Jun 2, 2026

Bitdefender Napoca Out-of-Bounds Write Vulnerability in Real-Mode Hook Handler

An out-of-bounds write vulnerability has been identified in the Bitdefender Napoca bare-metal hypervisor. This issue arises in the real-mode hook handler, where a guest-controlled SS:SP-derived offset is used to index into the 1MB RealModeMemory buffer without proper bounds validation. With specific values for SS and ESP, the offset can exceed the buffer limit, allowing the IRET frame push to write into the hypervisor heap. This vulnerability is present in a product that is end-of-life and no longer supported.

2.0
Jun 2, 2026

Bitdefender Napoca Hypervisor Out-of-Bounds Write Vulnerability in BIOS INT 0x15 E820 Memory Map Handler

An out-of-bounds write vulnerability has been identified in the Bitdefender Napoca bare-metal hypervisor. The issue arises in the BIOS INT 0x15 / E820 memory map handler, where the destination offset for writing into the guest RealModeMemory buffer is calculated based on guest-controlled register values. This calculation lacks proper validation, allowing a malicious guest operating in real mode to write up to 20 bytes beyond the allocated 1MB RealModeMemory limit, into the hypervisor heap. The vulnerability can be triggered by invoking INT 0x15 with specific register values, including AX=0xE820, EDX=0x534D4150, ECX of 20 or more, EBX=0, ES=0xFFFF, and EDI=0xFFFF.

2.3
Jun 2, 2026

Roche Diagnostics navify Digital Pathology Default Credentials Vulnerability

A vulnerability exists in Roche Diagnostics navify Digital Pathology, specifically within the RabbitMQ Management interface modules, due to the use of default credentials. This issue affects navify Digital Pathology versions from 2.0.0 up to, but not including, 2.4.1.

3.1
Jun 2, 2026

Progress Sitefinity Web Services Insufficiently Protected Credentials Vulnerability

A vulnerability allowing remote authenticated attackers to obtain plain-text credentials used to connect to the Sitefinity Insight service has been identified in Progress Sitefinity. This issue affects versions from 8.0.5700 up to, but not including, 13.3.7652. The vulnerability arises from insufficient protection of credentials in web services, specifically in ServiceStack web services. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration, and valid back-end authorization.

4.6
Jun 2, 2026

Progress Sitefinity Insufficiently Protected Credentials Vulnerability in Web Services

A vulnerability allowing remote unauthenticated attackers to access plain-text credentials for the Sitefinity Insight service has been identified in Progress Sitefinity. This issue affects versions 14.0.7700 to 14.4.8152, 15.0.8200 to 15.0.8234, 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630. The vulnerability arises from insufficient protection of credentials in web services, specifically OData and ServiceStack, and requires active integration with Sitefinity Insight and a non-default site configuration for exploitation.

5.0
Jun 2, 2026

Progress Sitefinity Authorization Bypass Vulnerability Allowing Account Modification

A vulnerability allowing authorization bypass through user-controlled keys has been identified in Progress Sitefinity versions 15.2.x prior to 15.2.8441, 15.3.x prior to 15.3.8531, and 15.4.x prior to 15.4.8630. This vulnerability allows remote authenticated attackers to modify the account properties of other users, potentially leading to account compromise. Exploitation requires knowledge of certain values not typically accessible to low-privileged users.

4.5
Jun 2, 2026

Progress Sitefinity Improper Access Control Vulnerability Allowing Unauthenticated Content Access

An improper access control vulnerability in web services has been identified in Progress Sitefinity versions from 15.4.8623 up to, but not including, 15.4.8630. This vulnerability allows remote unauthenticated attackers to access restricted content, leading to a full compromise of the confidentiality, integrity, and availability of affected installations.

5.5
Jun 2, 2026

Progress Sitefinity Improper Input Validation Vulnerability Allowing User Account Compromise

A vulnerability allowing remote, unauthenticated attackers to compromise the integrity and confidentiality of user accounts has been identified in Progress Sitefinity versions 14.1.x through 14.3.x, 14.4.x prior to 14.4.8152, 15.0.x prior to 15.0.8234, 15.1.x prior to 15.1.8335, 15.2.x prior to 15.2.8441, 15.3.x prior to 15.3.8531, and 15.4.x prior to 15.4.8630. This vulnerability arises from improper input validation in web services, specifically in OData web services, and successful exploitation requires user interaction and a non-default site configuration.

4.9
Jun 2, 2026

Elementor Website Builder Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the Elementor Website Builder plugin for WordPress, affecting versions through 4.1.0. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

5.6
Jun 2, 2026

Gleam Path Traversal Vulnerability in Dependency Management Allows Arbitrary Directory Deletion

A path traversal vulnerability has been identified in Gleam's dependency management system, specifically in versions from 0.18.0-rc1 up to, but not including, 1.17.0. This vulnerability allows for arbitrary directory deletion through malicious content in the 'build/packages/packages.toml' file. The issue arises because package keys from this file are read without validation and used to construct filesystem paths. These paths can then be exploited to delete directories outside the intended 'build/packages/' directory. Both absolute paths and relative traversal sequences are accepted as package keys, enabling the deletion of arbitrary directories on the victim's system.

3.6
Jun 2, 2026

Gleam Symlink Following Vulnerability in Hex Package Export Allows File Embedding Outside Project Root

A symlink following vulnerability has been identified in Gleam's Hex package export feature. This vulnerability allows files located outside the project root to be embedded in the generated package tarball. The issue arises because the file collection helpers in the compiler CLI module follow symlinks when traversing publishable directories, such as 'src/' and 'priv/'. The collected paths are then added to the package archive without verifying that they remain within the project root. As a result, a symlink placed in a publishable directory can lead to the inclusion of arbitrary files in the Hex package. This vulnerability affects Gleam versions from 0.10.0-rc1 up to, but not including, 1.17.0.

3.8
Jun 2, 2026

Siemens RUGGEDCOM RST2428P Browser Cache Vulnerability Allowing Access to Sensitive Data

A vulnerability exists in Siemens RUGGEDCOM RST2428P (6GK6242-6PA00) versions prior to 4.0. The issue arises because the application stores sensitive information in the browser cache when an authenticated user makes certain configuration changes. This behavior could enable an authenticated attacker to retrieve sensitive data from the browser cache.

2.0
Jun 2, 2026

Elated Themes Askka WordPress Theme PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the Elated Themes Askka WordPress theme, affecting versions through 1.3.1. This vulnerability arises from the improper handling of untrusted data, which could potentially be exploited to execute arbitrary code, inject malicious SQL, traverse file paths, cause denial-of-service conditions, and more, if a suitable property-oriented programming chain is available.

3.4
Jun 2, 2026

Select-Themes WaveRide Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Select-Themes WaveRide WordPress theme, affecting versions through 1.4. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their contents, potentially leading to a complete database takeover if sensitive files containing database credentials are accessed.

3.4
Jun 2, 2026

Code Supply Co. Blueprint WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Code Supply Co. Blueprint WordPress theme, affecting versions prior to 1.1.5. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their contents, potentially leading to the exposure of sensitive information such as database credentials.

3.4
Jun 2, 2026

VIVOTEK FD8136 Stack-Based Buffer Overflow Vulnerability in export_language.cgi Allowing Authenticated Remote Code Execution

A stack-based buffer overflow vulnerability has been identified in the export_language.cgi binary of the VIVOTEK FD8136 firmware version FD8136-VVTK-0300a. This vulnerability allows authenticated remote attackers to execute arbitrary code as root. The issue arises because the handler passes an attacker-controlled Content-Length value directly to fread() as the read size, into a fixed-size stack buffer of 0x60 bytes. This oversight enables the overwriting of the saved link register. The vulnerability can be exploited by sending a crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. Notably, the binary is compiled without stack canaries, leaving it susceptible to such attacks.

2.9
Jun 2, 2026

Gleam Path Traversal Vulnerability in Documentation Handling Allows Arbitrary File Read and Write

A path traversal vulnerability has been identified in Gleam's management of custom documentation pages. This issue allows arbitrary file reading and writing outside the designated documentation output directory. The vulnerability arises because entries in the 'documentation.pages' section of 'gleam.toml' are integrated into filesystem paths without adequate validation, potentially leading to the exposure of local files or the unauthorized writing of documentation files to unintended locations. The vulnerability affects Gleam versions from 1.16.0 up to, but not including, 1.17.0.

3.6
Jun 2, 2026

NamelessMC Reflected Cross-Site Scripting Vulnerability in User Queries Endpoint

A reflected cross-site scripting vulnerability has been identified in NamelessMC version 2.2.4. The issue arises in the 'id' parameter of the '/index.php?route=/queries/user/' endpoint, where user-supplied input is reflected in the HTML response without adequate sanitization or output encoding. This allows attackers to craft malicious URLs containing JavaScript, which, when accessed by victims, executes in their browsers within the context of the vulnerable application. Such exploitation could lead to session hijacking, phishing attacks, or manipulation of page content. The vulnerability has been patched in version 2.2.5.

4.7
Jun 2, 2026

Emilia Projects Progress Planner Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WordPress Progress Planner plugin, affecting versions through 1.9.0. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.

3.0
Jun 2, 2026

Crew HRM Missing Authorization Vulnerability Allowing Broken Access Control

A broken access control vulnerability has been identified in the Crew HRM WordPress plugin, affecting versions through 1.2.2. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

2.6
Jun 2, 2026

Collibra Agent Improper Authentication Vulnerability in REST API Allowing Access to Privileged Functionality

A vulnerability exists in the Collibra Agent's REST API, specifically within the '/rest/*' endpoints, due to improper authentication. This flaw allows remote, unauthenticated attackers to access privileged functionalities and sensitive application data. The issue arises because the REST API does not adequately enforce authentication or authorization, enabling unauthorized access to critical application features that could be exploited for malicious purposes.

3.5
Jun 2, 2026

Collibra Agent Path Traversal Vulnerability in Restore Handler Allows Arbitrary File Writing

A path traversal vulnerability has been identified in the restore handler of Collibra Agent, which is part of the Collibra Platform and Collibra Platform Self-Hosted. This vulnerability allows remote, unauthenticated attackers to write arbitrary files by uploading a crafted ZIP archive. The issue arises because Collibra Agent does not properly validate or canonicalize file paths during ZIP extraction, enabling attackers to write files outside the designated extraction directory.

3.4
Jun 2, 2026

MISP Authentication Bypass Vulnerability in LDAP Mixed Authentication with OTP Enforcement

An authentication bypass vulnerability has been identified in MISP when LDAP mixed authentication is enabled alongside mandatory OTP (One-Time Password) requirements. In this configuration, users authenticated through an LDAP plugin can bypass the OTP challenge by accessing application URLs directly after logging in, instead of completing the OTP verification. This vulnerability allows access to the application as the authenticated user without providing a valid OTP code. The issue arises because the OTP requirement is not enforced until after the user session is established, creating a window for exploitation.

4.9
Jun 2, 2026

Axiomthemes Racquet WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Axiomthemes Racquet WordPress theme, affecting versions through 1.12.0. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their contents, potentially leading to the exposure of sensitive information such as database credentials.

3.4
Jun 2, 2026

AndroThemes Cookiteer WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the AndroThemes Cookiteer WordPress theme, affecting versions through 1.4.8. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion.

2.6
Jun 2, 2026

Axiomthemes Fermentio WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Axiomthemes Fermentio WordPress theme, affecting versions through 1.5.0. This vulnerability arises from improper control of filenames in include or require statements, allowing for PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their contents, potentially leading to a complete database takeover if sensitive credential files are accessed.

3.4
Jun 2, 2026

Axiomthemes Spin WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Axiomthemes Spin WordPress theme, affecting versions through 1.8. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion that could be exploited to include local files from the server.

3.4
Jun 2, 2026

Dräger Infinity Acute Care System and Standalone Infinity M540 Network Message Handling Vulnerability Allowing Spoofing and Denial-of-Service

A vulnerability exists in the Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and earlier. This vulnerability allows network-adjacent attackers to spoof or tamper with data, leading to denial-of-service conditions. Attackers with access to an enabled Infinity network port or who are physically close to a wireless access point can exploit this vulnerability to modify device settings, such as alarm states or limits. Additionally, the vulnerability can be used to overwhelm the system with incoming data, causing the device to reboot and lose network functionality.

2.6
Jun 2, 2026

Dräger Infinity Delta, Delta XL, and Kappa Patient Monitors Unauthenticated Log File Disclosure Vulnerability

A vulnerability allowing information disclosure has been identified in Dräger Infinity Delta, Delta XL, and Kappa patient monitors. This issue allows unauthenticated network attackers to access log files over a network connection. The exposed log files can contain sensitive information such as device internals, location data, and wired network configuration details.

4.2
Jun 2, 2026

Slovak eID D.Launcher 2 Improper URL Handler Processing Vulnerability Allowing NTLM Authentication and SSRF

A vulnerability has been identified in the D.Launcher 2 component of the Slovak eID client ecosystem, specifically in versions prior to 2.0.7.0. This vulnerability involves improper processing of custom URL handlers, which could be exploited to initiate NTLM authentication or SMB connections to an attacker's infrastructure, facilitating Server-Side Request Forgery (SSRF) attacks. Exploitation requires user interaction, as the victim must open a specially crafted URL.

2.9
Jun 2, 2026

Ahmad WP Job Portal Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Ahmad WP Job Portal plugin, affecting versions through 2.5.1. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.

3.6
Jun 2, 2026

Ahmad WP Job Portal SQL Injection Vulnerability

A blind SQL injection vulnerability has been identified in the Ahmad WP Job Portal plugin, affecting versions through 2.5.1. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

4.1
Jun 2, 2026

Etoile Web Design Five Star Restaurant Reservations Missing Authorization Vulnerability

A missing authorization vulnerability has been identified in the Five Star Restaurant Reservations plugin by Etoile Web Design, affecting versions through 2.7.14. This vulnerability arises from incorrectly configured access control security levels, allowing unprivileged users to perform actions reserved for higher privileges.

3.8
Jun 2, 2026

EventPrime WordPress Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the EventPrime WordPress plugin, affecting versions through 4.3.2.0. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.

3.5
Jun 2, 2026

Elated Themes Töbel WordPress Theme PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the Elated Themes Töbel WordPress theme, affecting versions through 1.8.1. This vulnerability could lead to various impacts, including code execution, SQL injection, path traversal, and denial of service, especially if a suitable property-oriented programming chain is exploited.

3.4