800 matches found
CVE-2024-45786 Improper Authorization Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL, which could lead to unauthorized access to sensitive...
CVE-2024-45786
Reedos aiM-Star 2.0.1 contains an improper access control vulnerability in certain API endpoints. An authenticated remote attacker could manipulate a parameter in the API request URL to access sensitive information belonging to other users. Public details across CVE/NVD/Red Hat entries confirm th...
PT-2024-39123 · Techexcel · Techexcel Back Office
Name of the Vulnerable Software and Affected Versions: TechExcel Back Office Software versions prior to 1.0.0 Description: This issue exists due to improper access controls on certain API endpoints, allowing an authenticated remote attacker to exploit the vulnerability by manipulating a parameter...
GO-2024-3085 GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Authentication Bypass
flowise is vulnerable to Authentication Bypass. The vulnerability is due to inadequate authentication controls that fail to properly verify user credentials, allowing unauthenticated attackers to access administrator-level API endpoints...
GHSA-2Q4W-X8H2-2FVH Flowise Authentication Bypass vulnerability
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...
CVE-2024-8181
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...
CVE-2024-8181
Affected software: Flowise
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Summary Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this: - /api/v3/crypto/certificatekeypairs//viewcertificate/ - /api/v3/crypto/certificatekeypairs//viewprivatekey/ - /api/v3/.../usedby/ Note that all of the...
CVE-2024-42490
authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs//viewcertificate/, /api/v3/crypto/certificatekeypairs//viewprivatekey/, and...
CVE-2024-42490
authentik (open-source Identity Provider) exposes certain API endpoints without proper authentication/authorization. Affected endpoints include /api/v3/crypto/certificatekeypairs//view_certificate/, /api/v3/crypto/certificatekeypairs//view_private_key/, and /api/v3/.../used_by/, where access depe...
CVE-2024-42490 authentik has Insufficient Authorization for several API endpoints
authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs//viewcertificate/, /api/v3/crypto/certificatekeypairs//viewprivatekey/, and...
CVE-2024-44076
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access...
CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
PT-2024-24325 · Adtran · Adtran Netvanta 3120
Name of the Vulnerable Software and Affected Versions: AdTran NetVanta 3120 version 18.01.01.00.E Description: The issue allows remote attackers to inject arbitrary JavaScript code, exploiting multiple stored cross-site scripting (XSS) vulnerabilities. This is demonstrated by various API endpoints,...
PT-2025-2796 · Edimax · Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wi-Fi 5 BR-6476AC version 1.06 Description: The issue is related to the lack of protection for the web interface structure of the Edimax AC1200 Wi-Fi 5 BR-6476AC router's firmware, allowing a remote attacker to conduct a Cross...