Tag: Application Security
65 published stories tagged with Application Security.
Defender Guidance: Vvveb Cron Controller Information Disclosure Exposes Secret Cron Key
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that can expose the application secret cron key to unauthenticated attackers.
Detection Notes: Vvveb Cron Controller Information Disclosure Exposes Secret Cron Key
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that can expose the application secret cron key to unauthenticated attackers.
Risk Brief: Vvveb Cron Controller Information Disclosure Exposes Secret Cron Key
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that can expose the application secret cron key to unauthenticated attackers.
Brief: LiteLLM Proxy Pre-Authentication SQL Injection Exploited Shortly After Disclosure
LiteLLM disclosed a SQL injection vulnerability in the proxy API key verification path. The project says versions v1.81.16 through v1.83.6 are affected and recommends upgrading to v1.83.10-stable.
Defender Guidance: LiteLLM Proxy Pre-Authentication SQL Injection Exploited Shortly After Disclosure
LiteLLM disclosed a SQL injection vulnerability in the proxy API key verification path. The project says versions v1.81.16 through v1.83.6 are affected and recommends upgrading to v1.83.10-stable.
Detection Notes: LiteLLM Proxy Pre-Authentication SQL Injection Exploited Shortly After Disclosure
LiteLLM disclosed a SQL injection vulnerability in the proxy API key verification path. The project says versions v1.81.16 through v1.83.6 are affected and recommends upgrading to v1.83.10-stable.
Risk Brief: LiteLLM Proxy Pre-Authentication SQL Injection Exploited Shortly After Disclosure
LiteLLM disclosed a SQL injection vulnerability in the proxy API key verification path. The project says versions v1.81.16 through v1.83.6 are affected and recommends upgrading to v1.83.10-stable.
Brief: electerm Arbitrary Local Code Execution Fixed in Version 3.8.15
electerm versions from 3.0.6 up to, but not including, 3.8.15 are vulnerable to arbitrary local code execution through deep links, CLI options, or crafted shortcuts.
Defender Guidance: electerm Arbitrary Local Code Execution Fixed in Version 3.8.15
electerm versions from 3.0.6 up to, but not including, 3.8.15 are vulnerable to arbitrary local code execution through deep links, CLI options, or crafted shortcuts.
Detection Notes: electerm Arbitrary Local Code Execution Fixed in Version 3.8.15
electerm versions from 3.0.6 up to, but not including, 3.8.15 are vulnerable to arbitrary local code execution through deep links, CLI options, or crafted shortcuts.
Risk Brief: electerm Arbitrary Local Code Execution Fixed in Version 3.8.15
electerm versions from 3.0.6 up to, but not including, 3.8.15 are vulnerable to arbitrary local code execution through deep links, CLI options, or crafted shortcuts.
Brief: Kimai Invoice Template Vulnerability Can Expose Files Readable by PHP Worker
Kimai versions from 2.32.0 up to, but not including, 2.56.0 allow users with the System-Admin role and the upload_invoice_template permission to embed files readable by the PHP worker into rendered invoice PDFs.
Defender Guidance: Kimai Invoice Template Vulnerability Can Expose Files Readable by PHP Worker
Kimai versions from 2.32.0 up to, but not including, 2.56.0 allow users with the System-Admin role and the upload_invoice_template permission to embed files readable by the PHP worker into rendered invoice PDFs.
Detection Notes: Kimai Invoice Template Vulnerability Can Expose Files Readable by PHP Worker
Kimai versions from 2.32.0 up to, but not including, 2.56.0 allow users with the System-Admin role and the upload_invoice_template permission to embed files readable by the PHP worker into rendered invoice PDFs.
Risk Brief: Kimai Invoice Template Vulnerability Can Expose Files Readable by PHP Worker
Kimai versions from 2.32.0 up to, but not including, 2.56.0 allow users with the System-Admin role and the upload_invoice_template permission to embed files readable by the PHP worker into rendered invoice PDFs.
Brief: TUBITAK Liderahenk Origin Validation Error Enables Improper ACL-Constrained Access
CERT Turkey reported an origin validation error vulnerability in Liderahenk that allows access to functionality not properly constrained by ACLs.
Defender Guidance: TUBITAK Liderahenk Origin Validation Error Enables Improper ACL-Constrained Access
CERT Turkey reported an origin validation error vulnerability in Liderahenk that allows access to functionality not properly constrained by ACLs.
Detection Notes: TUBITAK Liderahenk Origin Validation Error Enables Improper ACL-Constrained Access
CERT Turkey reported an origin validation error vulnerability in Liderahenk that allows access to functionality not properly constrained by ACLs.
Risk Brief: TUBITAK Liderahenk Origin Validation Error Enables Improper ACL-Constrained Access
CERT Turkey reported an origin validation error vulnerability in Liderahenk that allows access to functionality not properly constrained by ACLs.
Brief: PicoTronica e-Clinic Healthcare System Information Disclosure Fixed in Version 5.7.1
PicoTronica e-Clinic Healthcare System ECHS 5.7 contains an information disclosure vulnerability in the /cdemos/echs/api/v2/ response header handling component.
Defender Guidance: PicoTronica e-Clinic Healthcare System Information Disclosure Fixed in Version 5.7.1
PicoTronica e-Clinic Healthcare System ECHS 5.7 contains an information disclosure vulnerability in the /cdemos/echs/api/v2/ response header handling component.
Detection Notes: PicoTronica e-Clinic Healthcare System Information Disclosure Fixed in Version 5.7.1
PicoTronica e-Clinic Healthcare System ECHS 5.7 contains an information disclosure vulnerability in the /cdemos/echs/api/v2/ response header handling component.
Risk Brief: PicoTronica e-Clinic Healthcare System Information Disclosure Fixed in Version 5.7.1
PicoTronica e-Clinic Healthcare System ECHS 5.7 contains an information disclosure vulnerability in the /cdemos/echs/api/v2/ response header handling component.
Brief: CodeAstro Online Classroom SQL Injection Vulnerability Disclosed With Public Exploit
A SQL injection vulnerability in CodeAstro Online Classroom 1.0 affects the /askquery.php component through the squeryx argument, according to the NVD/VulDB record.
Defender Guidance: CodeAstro Online Classroom SQL Injection Vulnerability Disclosed With Public Exploit
A SQL injection vulnerability in CodeAstro Online Classroom 1.0 affects the /askquery.php component through the squeryx argument, according to the NVD/VulDB record.
Detection Notes: CodeAstro Online Classroom SQL Injection Vulnerability Disclosed With Public Exploit
A SQL injection vulnerability in CodeAstro Online Classroom 1.0 affects the /askquery.php component through the squeryx argument, according to the NVD/VulDB record.
Risk Brief: CodeAstro Online Classroom SQL Injection Vulnerability Disclosed With Public Exploit
A SQL injection vulnerability in CodeAstro Online Classroom 1.0 affects the /askquery.php component through the squeryx argument, according to the NVD/VulDB record.
Brief: GPAC Local Resource Allocation Vulnerability Fixed by Patch
NVD/VulDB reports a local resource allocation issue in GPAC up to 26.02.0 affecting sidx_box_read in src/isomedia/box_code_base.c.
Defender Guidance: GPAC Local Resource Allocation Vulnerability Fixed by Patch
NVD/VulDB reports a local resource allocation issue in GPAC up to 26.02.0 affecting sidx_box_read in src/isomedia/box_code_base.c.
Detection Notes: GPAC Local Resource Allocation Vulnerability Fixed by Patch
NVD/VulDB reports a local resource allocation issue in GPAC up to 26.02.0 affecting sidx_box_read in src/isomedia/box_code_base.c.
Risk Brief: GPAC Local Resource Allocation Vulnerability Fixed by Patch
NVD/VulDB reports a local resource allocation issue in GPAC up to 26.02.0 affecting sidx_box_read in src/isomedia/box_code_base.c.
Brief: code-projects Simple Chat System SQL Injection Disclosed in sendMessage.php
A SQL injection vulnerability was disclosed in code-projects Simple Chat System 1.0 affecting sendMessage.php.
Defender Guidance: code-projects Simple Chat System SQL Injection Disclosed in sendMessage.php
A SQL injection vulnerability was disclosed in code-projects Simple Chat System 1.0 affecting sendMessage.php.
Detection Notes: code-projects Simple Chat System SQL Injection Disclosed in sendMessage.php
A SQL injection vulnerability was disclosed in code-projects Simple Chat System 1.0 affecting sendMessage.php.
Risk Brief: code-projects Simple Chat System SQL Injection Disclosed in sendMessage.php
A SQL injection vulnerability was disclosed in code-projects Simple Chat System 1.0 affecting sendMessage.php.
Brief: SourceCodester SUP Online Shopping Wishlist SQL Injection Disclosed
A SQL injection issue was reported in SourceCodester SUP Online Shopping 1.0 affecting wishlist.php through the delwlistid argument.
Defender Guidance: SourceCodester SUP Online Shopping Wishlist SQL Injection Disclosed
A SQL injection issue was reported in SourceCodester SUP Online Shopping 1.0 affecting wishlist.php through the delwlistid argument.
Detection Notes: SourceCodester SUP Online Shopping Wishlist SQL Injection Disclosed
A SQL injection issue was reported in SourceCodester SUP Online Shopping 1.0 affecting wishlist.php through the delwlistid argument.
Risk Brief: SourceCodester SUP Online Shopping Wishlist SQL Injection Disclosed
A SQL injection issue was reported in SourceCodester SUP Online Shopping 1.0 affecting wishlist.php through the delwlistid argument.
Brief: SourceCodester SUP Online Shopping Admin Message SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in SourceCodester SUP Online Shopping 1.0 affecting /admin/message.php through the seenid argument.
Defender Guidance: SourceCodester SUP Online Shopping Admin Message SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in SourceCodester SUP Online Shopping 1.0 affecting /admin/message.php through the seenid argument.
Detection Notes: SourceCodester SUP Online Shopping Admin Message SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in SourceCodester SUP Online Shopping 1.0 affecting /admin/message.php through the seenid argument.
Risk Brief: SourceCodester SUP Online Shopping Admin Message SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in SourceCodester SUP Online Shopping 1.0 affecting /admin/message.php through the seenid argument.
Brief: SourceCodester SUP Online Shopping SQL Injection Found in Admin Reply Message Handler
NVD/VulDB reports a SQL injection issue in SourceCodester SUP Online Shopping 1.0 affecting /admin/replymsg.php through the msgid argument.
Defender Guidance: SourceCodester SUP Online Shopping SQL Injection Found in Admin Reply Message Handler
NVD/VulDB reports a SQL injection issue in SourceCodester SUP Online Shopping 1.0 affecting /admin/replymsg.php through the msgid argument.
Detection Notes: SourceCodester SUP Online Shopping SQL Injection Found in Admin Reply Message Handler
NVD/VulDB reports a SQL injection issue in SourceCodester SUP Online Shopping 1.0 affecting /admin/replymsg.php through the msgid argument.
Risk Brief: SourceCodester SUP Online Shopping SQL Injection Found in Admin Reply Message Handler
NVD/VulDB reports a SQL injection issue in SourceCodester SUP Online Shopping 1.0 affecting /admin/replymsg.php through the msgid argument.
Brief: CodeAstro Leave Management System Login SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in CodeAstro Leave Management System 1.0 affecting /login.php through the txt_username argument.
Defender Guidance: CodeAstro Leave Management System Login SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in CodeAstro Leave Management System 1.0 affecting /login.php through the txt_username argument.
Detection Notes: CodeAstro Leave Management System Login SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in CodeAstro Leave Management System 1.0 affecting /login.php through the txt_username argument.
Risk Brief: CodeAstro Leave Management System Login SQL Injection Published
NVD/VulDB reports a SQL injection vulnerability in CodeAstro Leave Management System 1.0 affecting /login.php through the txt_username argument.
Brief: zyx0814 FilePress Shares Filelist API SQL Injection Disclosed
A SQL injection vulnerability was reported in zyx0814 FilePress up to 2.2.0 affecting dzz/shares/admin.php in the Shares Filelist API.
Defender Guidance: zyx0814 FilePress Shares Filelist API SQL Injection Disclosed
A SQL injection vulnerability was reported in zyx0814 FilePress up to 2.2.0 affecting dzz/shares/admin.php in the Shares Filelist API.
Detection Notes: zyx0814 FilePress Shares Filelist API SQL Injection Disclosed
A SQL injection vulnerability was reported in zyx0814 FilePress up to 2.2.0 affecting dzz/shares/admin.php in the Shares Filelist API.
Risk Brief: zyx0814 FilePress Shares Filelist API SQL Injection Disclosed
A SQL injection vulnerability was reported in zyx0814 FilePress up to 2.2.0 affecting dzz/shares/admin.php in the Shares Filelist API.
Brief: SourceCodester Pharmacy Sales and Inventory System XSS Vulnerability Published
NVD/VulDB reports a cross-site scripting vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0 affecting /index.php?page=users through the Name argument.
Defender Guidance: SourceCodester Pharmacy Sales and Inventory System XSS Vulnerability Published
NVD/VulDB reports a cross-site scripting vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0 affecting /index.php?page=users through the Name argument.
Detection Notes: SourceCodester Pharmacy Sales and Inventory System XSS Vulnerability Published
NVD/VulDB reports a cross-site scripting vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0 affecting /index.php?page=users through the Name argument.
Risk Brief: SourceCodester Pharmacy Sales and Inventory System XSS Vulnerability Published
NVD/VulDB reports a cross-site scripting vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0 affecting /index.php?page=users through the Name argument.
Brief: Critical Langflow AI vulnerability reported under active attack
Recent security coverage reported exploitation of a critical flaw in Langflow AI. The article should be treated as a prompt to validate exposure and review vendor or project adviso
Defender Guidance: Critical Langflow AI vulnerability reported under active attack
Recent security coverage reported exploitation of a critical flaw in Langflow AI. The article should be treated as a prompt to validate exposure and review vendor or project adviso
Detection Notes: Critical Langflow AI vulnerability reported under active attack
Recent security coverage reported exploitation of a critical flaw in Langflow AI. The article should be treated as a prompt to validate exposure and review vendor or project adviso
Risk Brief: Critical Langflow AI vulnerability reported under active attack
Recent security coverage reported exploitation of a critical flaw in Langflow AI. The article should be treated as a prompt to validate exposure and review vendor or project adviso