592 matches found
CVE-2024-47064
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access t...
CVE-2024-49354
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls...
CVE-2024-11828
A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...
CVE-2023-47132
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls...
CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty...
CVE-2023-47316
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls...
CVE-2023-33244
Obsidian before 1.2.2 allows calls to unintended APIs for microphone access, camera access, and desktop notification via an embedded web page...
CVE-2023-32760
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication...
CVE-2023-30131
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls...
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
CVE-2022-44013
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked...
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...
CVE-2020-26963
Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox 83...
CVE-2018-20938
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls SEC-324...
CVE-2010-0633
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API XAPI calls via unknown vectors...
CVE-2019-19030
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
CVE-2018-20906
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction SEC-430...
CVE-2018-20904
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction SEC-427...
CVE-2019-9105
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI=alladminusers call...
CVE-2017-18480
cPanel before 62.0.4 does not enforce account ownership for hasmycnfforcpuser WHM API calls SEC-210...