4 matches found

UbuntuCve
added 2026/04/23 1:16 p.m. | 4 views

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVSS 4.7 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:9 a.m. | 6 views

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...

CVSS 6.5 | AI score 7.4 | EPSS 0.00747
Exploits: 3 | References: 1
CVE
added 2022/12/25 12:0 a.m. | 57 views

CVE-2022-44014

Summary: CVE-2022-44014 affects Simmeth Lieferantenmanager (pre-5.6). The API design flaw in /DS/LM_API/api/SelectionService/GetPaggedTab allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes. The issue originates from the API’s access control/validation, enabli...

CVSS 6.5 | AI score 6.9 | EPSS 0.00747
Exploits: 3 | References: 1 | Affected Software: 1
Prion
added 2013/11/23 5:55 p.m. | 20 views

Design/Logic Flaw

The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...

CVSS 2.1 | AI score 6.9 | EPSS 0.00338
Exploits: 0 | References: 3