
2010 matches found

OSV
added 2024/09/30 3:17 p.m. | 19 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

5.4 CVSS | 6.3 AI score | 0.00379 EPSS
Exploits 1 | References 4
Cvelist
added 2024/09/30 12:0 a.m. | 16 views

CVE-2024-46635

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...

0.00254 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/09/30 12:0 a.m. | 11 views

CVE-2024-46635

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...

6.4 AI score | 0.00254 EPSS
Exploits 0 | References 1
CVE
added 2024/09/30 12:0 a.m. | 80 views

CVE-2024-46635

INROAD prior to v202402060 has a vulnerability in the API endpoint /AccountMaster/GetCurrentUserInfo where a crafted payload to the UserNameOrPhoneNumber parameter can cause inadvertent exposure of sensitive information. Affected: INROAD versions before 202402060; impact described as accessing se...

5.9 CVSS | 6.6 AI score | 0.00254 EPSS
Exploits 0 | References 1
Cvelist
added 2024/09/25 2:32 a.m. | 47 views

CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

2.7 CVSS | 0.00427 EPSS
Exploits 1 | References 2
NVD
added 2024/09/19 7:15 a.m. | 21 views

CVE-2024-47087

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

8.7 CVSS | 0.00436 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/09/19 6:18 a.m. | 13 views

CVE-2024-47089 Unauthorized Transaction Manipulation Vulnerability

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and...

8.7 CVSS | 6.8 AI score | 0.00227 EPSS
Exploits 0 | References 1
CVE
added 2024/09/19 6:18 a.m. | 90 views

CVE-2024-47089

Affected software: Apex Softcell LD Geo. Vulnerability: Improper validation of the transaction token ID in the API endpoint, enabling an authenticated remote attacker to manipulate the token ID and access/modify transactions belonging to other users. Impact: Unauthorized access and modification o...

8.7 CVSS | 6.4 AI score | 0.00227 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2024/09/19 6:15 a.m. | 31 views

CVE-2024-47085

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

8.7 CVSS | 0.00436 EPSS
Exploits 0 | References 1
CVE
added 2024/09/19 6:8 a.m. | 78 views

CVE-2024-47087

CVE-2024-47087 affects Apex Softcell LD Geo. The vulnerability is caused by improper validation of parameters in the API endpoint (e.g., Client ID, DPID, BOID) within the application, enabling an authenticated remote attacker to manipulate API request body parameters and cause exposure of sensiti...

8.7 CVSS | 6.3 AI score | 0.00436 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/09/19 6:8 a.m. | 27 views

CVE-2024-47087 Information Disclosure Vulnerability

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

8.7 CVSS | 0.00436 EPSS
Exploits 0 | References 1
Cvelist
added 2024/09/19 6:3 a.m. | 30 views

CVE-2024-47086 OTP Bypass Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API...

8.7 CVSS | 0.00474 EPSS
Exploits 0 | References 1
Cvelist
added 2024/09/19 5:56 a.m. | 29 views

CVE-2024-47085 Parameter Manipulation Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

8.7 CVSS | 0.00436 EPSS
Exploits 0 | References 1
CVE
added 2024/09/19 5:56 a.m. | 77 views

CVE-2024-47085

The CVE-2024-47085 vulnerability affects Apex Softcell LD DP Back Office, arising from improper validation of API parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could manipulate request body parameters to expose sensitive information from other...

8.7 CVSS | 6.3 AI score | 0.00436 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/09/19 5:56 a.m. | 17 views

CVE-2024-47085 Parameter Manipulation Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

8.7 CVSS | 6 AI score | 0.00436 EPSS
Exploits 0 | References 1
NVD
added 2024/09/11 12:15 p.m. | 16 views

CVE-2024-45789

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...

6.9 CVSS | 0.00219 EPSS
Exploits 0 | References 1
CVE
added 2024/09/11 12:0 p.m. | 90 views

CVE-2024-45789

CVE-2024-45789 affects Reedos aiM-Star 2.0.1. The vulnerability stems from improper validation of the mode parameter in the registration API endpoint, allowing an authenticated remote attacker to manipulate the API request body to bypass registration constraints and create multiple accounts. Repo...

6.9 CVSS | 4.6 AI score | 0.00219 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/09/11 12:0 p.m. | 17 views

CVE-2024-45789 Parameter Tampering Vulnerability

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...

6.9 CVSS | 6.8 AI score | 0.00219 EPSS
Exploits 0 | References 1
Cvelist
added 2024/09/11 12:0 p.m. | 30 views

CVE-2024-45789 Parameter Tampering Vulnerability

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...

6.9 CVSS | 0.00219 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/09/11 11:56 a.m. | 32 views

CVE-2024-45788 No Rate Limiting Vulnerability

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP...

8.7 CVSS | 6.8 AI score | 0.00498 EPSS
Exploits 0 | References 1