
92 matches found

NVD
added 2021/09/15 5:15 p.m., 17 views

CVE-2021-39213

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround...

8.8 CVSS, 0.01013 EPSS
Exploits: 0, References: 2
OSV
added 2021/06/04 7:9 p.m., 10 views

GHSA-PWHF-39XG-4RXW Script injection

Impact: A malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user into visiting the content via the TechDocs API, the content sanitization will be bypassed. If the TechDocs API is...

6.8 CVSS, 8 AI score, 0.01269 EPSS
Exploits: 0, References: 4
NVD
added 2021/06/03 5:15 p.m., 10 views

CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...

8.1 CVSS, 0.01269 EPSS
Exploits: 0, References: 3
CVE
added 2019/08/01 2:25 p.m., 45 views

CVE-2018-20905

CVE-2018-20905 affects cPanel prior to 71.9980.37, where an attacker can issue API calls that bypass the backup feature restriction (SEC-429). The CVE entry is documented across multiple sources (including Red Hat and CNVD/CVE listings) with the same impact description. The available references d...

5.5 CVSS, 5.5 AI score, 0.00578 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2019/07/10 4:15 p.m., 21 views

Improper access control

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

5 CVSS, 7.9 AI score, 0.01362 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2019/07/10 4:15 p.m., 1 view

UBUNTU-CVE-2019-12472

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5 CVSS, 7.1 AI score, 0.01362 EPSS
Exploits: 0, References: 4
Exploit DB
added 2019/03/04 12:0 a.m., 78 views

WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities

Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities
Type: WordPress Plugin
Date: 2019-03-04
Active installs: 100,000+
Version: 8.0
Software Link: https://wordpress.org/plugins/wp-cerber/
Exploit Author: ed0x21son
Category: WebApps, WordPress
Tested...

7.4 AI score
Exploits: 0
WPVulnDB
added 2017/07/25 12:0 a.m., 15 views

Stop User Enumeration <= 1.3.8 - REST API Bypass

The Stop User Enumeration WordPress plugin was affected by a REST API Bypass security vulnerability...

2.1 AI score
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2016/07/13 12:0 a.m., 39 views

Adobe Reader < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (Mac OS X)

The version of Adobe Reader installed on the remote Mac OS X host is prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities:
- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. An unauthenticate...

10 CVSS, 9.2 AI score, 0.27116 EPSS
Exploits: 21, References: 39
RedHat Linux
added 2016/03/07 3:22 a.m., 7 views

chromium-browser: WebAPI Bypass

extensions/renderer/resources/platformapp.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app...

6.8 CVSS, 7.4 AI score, 0.01054 EPSS
Exploits: 0, References: 5
CNVD
added 2015/10/15 12:0 a.m., 3 views

Adobe Acrobat/Reader Javascript API Execution Bypass Vulnerability (CNVD-2015-06691)

Adobe Reader/Acrobat is a popular application for working with PDF files. An unspecified security vulnerability exists in Adobe Reader/Acrobat. The vulnerability allows attackers to construct malicious PDF files and trick users into parsing them, which can bypass Javascript API implementation...

6.8 CVSS, 6.8 AI score, 0.0643 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2015/05/14 12:0 a.m., 95 views

Adobe Acrobat < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)

The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities:
- A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit th...

10 CVSS, 6.7 AI score, 0.2547 EPSS
Exploits: 4, References: 35