CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

Grafana Labs Incorrect Permission (cve-2024-8118)

The version of Grafana Labs installed on the remote host is prior to 10.3.10, 10.4.9, 11.0.5, 11.1.6, or 11.2.1. It is, therefore, affected by a vulnerability as referenced in the cve-2024-8118 advisory. - In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing...

PT-2024-10154 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.8 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue is related to an open redirect vulnerability in a GitLab CE/EE API endpoint. This could allow...

CVE-2024-46635

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVE-2024-46635

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...

CVE-2024-46635

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...

CVE-2024-46635

INROAD prior to v202402060 has a vulnerability in the API endpoint /AccountMaster/GetCurrentUserInfo where a crafted payload to the UserNameOrPhoneNumber parameter can cause inadvertent exposure of sensitive information. Affected: INROAD versions before 202402060; impact described as accessing se...

CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVE-2024-47087

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

CVE-2024-47089 Unauthorized Transaction Manipulation Vulnerability

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and...

CVE-2024-47089

Affected software: Apex Softcell LD Geo. Vulnerability: Improper validation of the transaction token ID in the API endpoint, enabling an authenticated remote attacker to manipulate the token ID and access/modify transactions belonging to other users. Impact: Unauthorized access and modification o...

CVE-2024-47085

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

CVE-2024-47087

CVE-2024-47087 affects Apex Softcell LD Geo. The vulnerability is caused by improper validation of parameters in the API endpoint (e.g., Client ID, DPID, BOID) within the application, enabling an authenticated remote attacker to manipulate API request body parameters and cause exposure of sensiti...

CVE-2024-47087 Information Disclosure Vulnerability

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

CVE-2024-47086 OTP Bypass Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API...

CVE-2024-47085 Parameter Manipulation Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

CVE-2024-47085 Parameter Manipulation Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

CVE-2024-47085

The CVE-2024-47085 vulnerability affects Apex Softcell LD DP Back Office, arising from improper validation of API parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could manipulate request body parameters to expose sensitive information from other...