Lucene search
K

592 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.8 views

CVE-2024-47064

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access t...

6.3CVSS7.2AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.12 views

CVE-2024-49354

IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls...

5.3CVSS6.2AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:44 a.m.7 views

CVE-2024-11828

A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

7.5CVSS7.1AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.7 views

CVE-2023-47132

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls...

9.8CVSS7.2AI score0.00551EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.9 views

CVE-2023-46308

In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty...

9.8CVSS6.8AI score0.00936EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.17 views

CVE-2023-47316

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls...

5.4CVSS7AI score0.00419EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:51 a.m.6 views

CVE-2023-33244

Obsidian before 1.2.2 allows calls to unintended APIs for microphone access, camera access, and desktop notification via an embedded web page...

8.2CVSS6.9AI score0.00474EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:50 a.m.8 views

CVE-2023-32760

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication...

7.7CVSS6.2AI score0.00412EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.25 views

CVE-2023-30131

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls...

9.8CVSS7.4AI score0.00785EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.8 views

CVE-2023-2993

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...

6.3CVSS7.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:10 a.m.10 views

CVE-2022-44013

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked...

9.1CVSS7.2AI score0.00931EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.10 views

CVE-2021-29052

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...

4.3CVSS6.5AI score0.00764EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.4 views

CVE-2020-26963

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox 83...

4.3CVSS6.2AI score0.00839EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:59 p.m.12 views

CVE-2018-20938

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls SEC-324...

4CVSS7AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:26 p.m.11 views

CVE-2010-0633

Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API XAPI calls via unknown vectors...

4.6CVSS7.2AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.13 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

5.3CVSS6.9AI score0.01891EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 a.m.6 views

CVE-2018-20906

cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction SEC-430...

4.3CVSS7AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 a.m.10 views

CVE-2018-20904

cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction SEC-427...

4.3CVSS7AI score0.0062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:56 a.m.9 views

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI=alladminusers call...

7.5CVSS7.3AI score0.02397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.7 views

CVE-2017-18480

cPanel before 62.0.4 does not enforce account ownership for hasmycnfforcpuser WHM API calls SEC-210...

6.5CVSS7AI score0.00875EPSS
Exploits0References1
Rows per page
Query Builder