2010 matches found
CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...
CVE-2024-46635
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...
CVE-2024-46635
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...
CVE-2024-46635
INROAD prior to v202402060 has a vulnerability in the API endpoint /AccountMaster/GetCurrentUserInfo where a crafted payload to the UserNameOrPhoneNumber parameter can cause inadvertent exposure of sensitive information. Affected: INROAD versions before 202402060; impact described as accessing se...
CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...
CVE-2024-47087
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...
CVE-2024-47089 Unauthorized Transaction Manipulation Vulnerability
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and...
CVE-2024-47089
Affected software: Apex Softcell LD Geo. Vulnerability: Improper validation of the transaction token ID in the API endpoint, enabling an authenticated remote attacker to manipulate the token ID and access/modify transactions belonging to other users. Impact: Unauthorized access and modification o...
CVE-2024-47085
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...
CVE-2024-47087
CVE-2024-47087 affects Apex Softcell LD Geo. The vulnerability is caused by improper validation of parameters in the API endpoint (e.g., Client ID, DPID, BOID) within the application, enabling an authenticated remote attacker to manipulate API request body parameters and cause exposure of sensiti...
CVE-2024-47087 Information Disclosure Vulnerability
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...
CVE-2024-47086 OTP Bypass Vulnerability
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API...
CVE-2024-47085 Parameter Manipulation Vulnerability
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...
CVE-2024-47085
The CVE-2024-47085 vulnerability affects Apex Softcell LD DP Back Office, arising from improper validation of API parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could manipulate request body parameters to expose sensitive information from other...
CVE-2024-47085 Parameter Manipulation Vulnerability
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...
CVE-2024-45789
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...
CVE-2024-45789
CVE-2024-45789 affects Reedos aiM-Star 2.0.1. The vulnerability stems from improper validation of the mode parameter in the registration API endpoint, allowing an authenticated remote attacker to manipulate the API request body to bypass registration constraints and create multiple accounts. Repo...
CVE-2024-45789 Parameter Tampering Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...
CVE-2024-45789 Parameter Tampering Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...
CVE-2024-45788 No Rate Limiting Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP...