The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.

Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in an HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.