Lucene search

63 matches found

RedhatCVE
added 2025/02/28 12:24 p.m., 15 views

CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVSS 7.7, AI score 6.4, EPSS 0.00681
Exploits: 0, References: 5

NVD
added 2024/12/09 1:15 p.m., 17 views

CVE-2023-47871

Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form to Any API: from n/a through 1.1.6...

CVSS 4.3, EPSS 0.00456
Exploits: 2, References: 1

OSV
added 2024/09/03 10:15 a.m., 5 views

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVSS 8.8, AI score 5.8, EPSS 0.00432
Exploits: 0, References: 1

Github Security Blog
added 2024/05/23 2:11 p.m., 199 views

iFrames Bypass Origin Checks for Tauri API Access Control

Impact: Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...

CVSS 5.9, AI score 7.4, EPSS 0.00349
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2023/11/14 12:0 a.m., 5 views

MikroTik RouterOS Security Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v7.1 through 7.11 that stems from the presence of a...

CVSS 5.3, AI score 6.7, EPSS 0.00473
Exploits: 1, References: 2

Positive Technologies
added 2023/05/09 12:0 a.m., 5 views

PT-2023-23574 · Unknown · Android Capture App +1

Name of the Vulnerable Software and Affected Versions: DHIS2 Core versions 2.35 through 2.36.12; DHIS2 Core versions 2.37 through 2.37.7; DHIS2 Core versions 2.38 through 2.38.1; DHIS2 Core versions 2.39 through 2.39.0 exclusive of 2.39.0, as 2.39.0 contains a fix. Description: The issue arises when...

CVSS 6.5, AI score 6.3, EPSS 0.00515
Exploits: 0, References: 5

Fortinet
added 2023/04/11 12:0 a.m., 38 views

FortiSandbox / FortiDeceptor - Improper profile-based access control over APIs

An improper privilege management vulnerability CWE-269 in FortiSandbox & FortiDeceptor may allow a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests...

CVSS 6.5, AI score 8.1, EPSS 0.00975
Exploits: 0, Affected Software: 2

NVD
added 2022/08/25 11:15 p.m., 17 views

CVE-2022-37316

Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...

CVSS 6.5, EPSS 0.00582
Exploits: 0, References: 2

Prion
added 2022/08/25 11:15 p.m., 27 views

Improper access control

Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...

CVSS 4, AI score 6.3, EPSS 0.00582
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/10/06 8:15 p.m., 3 views

CVE-2021-34782

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An...

CVSS 4.3, AI score 5.8, EPSS 0.00755
Exploits: 0, References: 1

CNNVD
added 2021/10/06 12:0 a.m., 6 views

Cisco DNA Center Security Vulnerability

Cisco DNA Center is a network management and command center service from Cisco USA. A security vulnerability exists in Cisco DNA Center that stems from improper access control to API endpoints. An attacker could exploit the vulnerability by sending specific API requests to the affected applicatio...

CVSS 4.3, AI score 5.2, EPSS 0.00755
Exploits: 0, References: 4

NVD
added 2021/08/30 6:15 p.m., 17 views

CVE-2021-22025

The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...

CVSS 7.5, EPSS 0.00809
Exploits: 0, References: 1

NVD
added 2021/08/26 12:15 p.m., 14 views

CVE-2021-27944

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload...

CVSS 10, EPSS 0.03536
Exploits: 1, References: 2

Microsoft Secure
added 2020/11/24 5:0 p.m., 25 views

Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management

Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory Azure AD has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering shared Microsoft’s guidin...

AI score 7.7
Exploits: 0

Microsoft Malware Protection
added 2020/11/24 5:0 p.m., 25 views

Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management

Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory Azure AD has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering shared Microsoft’s guidin...

AI score 7.7
Exploits: 0

Positive Technologies
added 2020/06/19 12:0 a.m., 6 views

PT-2020-8462

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2; Mattermost Server versions prior to 3.7.5; Mattermost Server versions prior to 3.6.7. Description: The issue concerns API endpoint access control not honoring an integration permission restriction...

CVSS 9.9, AI score 5.9, EPSS 0.27661
Exploits: 45, References: 117

Hacker One
added 2020/06/10 5:14 a.m., 227 views

h1-ctf: [H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool

H1-2006 CTF Writeup F859938 Summary: Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of...

AI score 7.4
Exploits: 0

Openbugbounty
added 2020/01/16 10:29 a.m., 11 views

api.fsapp.io Improper Access Control vulnerability

Security Researcher devl00p (helped patch 2581 vulnerabilities, received 10 Coordinated Disclosure badges, received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting api.fsapp.io website and its users. Following coordinate...

AI score 0.3
Exploits: 0

ThreatPost
added 2019/08/01 3:10 p.m., 69 views

Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger

UPDATE: Researchers have uncovered vulnerabilities in a popular smart deadbolt that could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. The...

CVSS 5, AI score 0.4, EPSS 0.00372
Exploits: 0, References: 6

Carbon Black Blog
added 2019/07/31 12:46 p.m., 68 views

Flexible and Controlled Openness: Carbon Black’s API Approach

At Carbon Black, we believe that making our customers successful requires both an open platform and the control they need to build endpoint protection into the ideal security processes they’ve designed for their specific organization. From maintaining relationships with our 100+ integration...

AI score 1.5
Exploits: 0