CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
CVE-2022-24863 Denial of service in http-swagger
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...
Security update for libeconf, shadow and util-linux (moderate)
openSUSE Security Update: Security update for libeconf, shadow and util-linux Announcement ID: openSUSE-SU-2022:0727-1 Rating: moderate References: 1188507 1192954 1193632 1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 SUSE: 4.7...
CVE-2021-32662 TechDocs mkdocs.yml path traversal
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...
PT-2021-11165 · Red Hat · Red Hat 3Scale
Name of the Vulnerable Software and Affected Versions: Red Hat 3scale versions prior to 3scale-2.10.0-ER1 Description: A flaw was found in Red Hat 3scale’s API documentation URL, allowing access without credentials. This issue enables an attacker to view sensitive information or modify service...
Red Hat Access Control Error Vulnerability
Red Hat is an open source operating system from the American company Red Hat, Inc. A security vulnerability exists in the API documentation URL for Red Hat 3scale, which stems from access without credentials. An attacker could use the vulnerability to view sensiti...
Logic Flaw Vulnerability in ShowDoc
ShowDoc is an online API and technical documentation tool for IT teams. ShowDoc suffers from a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
OSV - Open Source Vulnerability DB And Triage Service
OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. For open source maintainers, OSV's automation helps reduce the burden of triage. Each vulnerability undergoes automated bisection and impa...
Mail.ru: XSS (reflected, and then, cookie persisted) on api documentation site theme selector (old version of dokuwiki)
Reflected XSS on apidocs.ucs.ru via GET parameter bootswatch-theme...
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...
dnsFookup - DNS Rebinding Toolkit
DNS Rebinding framework containing: a DNS server, obviously; a web API to create new subdomains and control the DNS server, view logs, stuff like that; a shitty React app to make it even more comfy. What does it do? It lets you create DNS bins like a Burp Collaborator, but it adds a bit more features... a...
CVE-2019-20438
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting XSS vulnerability has been identified in the inline API documentation editor page of the API Publisher...
CVE-2019-20435
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter...
Cross site scripting
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the update API documentation feature of the API Publisher...
Sojobo - A Binary Analysis Framework
Sojobo is an emulator for the B2R2 framework. It was created to ease the analysis of potentially malicious files. It is developed entirely in .NET, so you don't need to install or compile any other external libraries; the project is self-contained. With Sojobo you can: Emulate a 32-bit PE binary...
Moderate: Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3.4
Updated ovirt-engine-api-explorer packages that fix several bugs and add various enhancements are now available. The ovirt-engine-api-explorer package provides a web application for exploring the oVirt API documentation...
CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one...
CVE-2019-6515
Technical details (affected products, components, impact, remediation) are not publicly available in the provided documents. Monitor for updates.