
90 matches found

RedhatCVE
added 2025/04/05 5:22 p.m. · 19 views

CVE-2025-3167

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated...

7.5 CVSS · 7.2 AI score · 0.0087 EPSS
Exploits 1 · References 1
Cvelist
added 2025/04/04 2:0 a.m. · 8 views

CVE-2025-3199 ageerle ruoyi-ai API Interface SysModelController.java improper authorization

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulati...

7.5 CVSS · 0.00559 EPSS
Exploits 1 · References 8
Vulnrichment
added 2025/04/04 2:0 a.m. · 6 views

CVE-2025-3199 ageerle ruoyi-ai API Interface SysModelController.java improper authorization

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulati...

7.5 CVSS · 7.2 AI score · 0.00559 EPSS
Exploits 1 · References 8
NVD
added 2025/04/03 5:15 p.m. · 10 views

CVE-2025-3167

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated...

7.5 CVSS · 0.0087 EPSS
Exploits 1 · References 5
OSV
added 2025/04/03 5:15 p.m. · 1 views

CVE-2025-3167

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated...

7.5 CVSS · 5.1 AI score · 0.0087 EPSS
Exploits 1 · References 5
Cvelist
added 2025/04/03 4:31 p.m. · 14 views

CVE-2025-3167 Tenda AC23 API Interface VerAPIMant denial of service

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated...

7.1 CVSS · 0.0087 EPSS
Exploits 1 · References 5
NVD
added 2024/11/15 2:15 p.m. · 15 views

CVE-2024-11239

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack c...

5.5 CVSS · 0.00259 EPSS
Exploits 1 · References 4
CVE
added 2024/11/15 1:31 p.m. · 66 views

CVE-2024-11239

CVE-2024-11239 affects Landray EKP up to version 16.0, specifically the API Interface’s deleteFile function at /sys/common/import.do?method=deleteFile. The vulnerability stems from manipulation of the folder argument, enabling path traversal. It can be triggered remotely, and public disclosures e...

5.5 CVSS · 4.9 AI score · 0.00259 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2024/11/15 1:31 p.m. · 16 views

CVE-2024-11239 Landray EKP API Interface import.do deleteFile path traversal

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack c...

5.5 CVSS · 0.00259 EPSS
Exploits 1 · References 4
Vulnrichment
added 2024/11/15 1:31 p.m. · 8 views

CVE-2024-11239 Landray EKP API Interface import.do deleteFile path traversal

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack c...

5.5 CVSS · 5.5 AI score · 0.00259 EPSS
Exploits 1 · References 4
CNVD
added 2024/11/11 12:0 a.m. · 8 views

Cisco Identity Services Engine API XML External Entity Injection Vulnerability

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. The Cisco Identity Services Engine API interface has an XML external entity vulnerability that can be exploited by a remote attacker to submit a special request that can read arbitrary files in the...

6.5 CVSS · 6.7 AI score · 0.00293 EPSS
Exploits 0 · References 1
CVE
added 2024/10/21 12:0 a.m. · 75 views

CVE-2024-47189

CVE-2024-47189 affects Mitel MiCollab’s AWV API interface (through 9.8 SP1 FP2 / 9.8.1.201). The vulnerability is a SQL injection caused by insufficient input sanitization, allowing an unauthenticated attacker to access non-sensitive user provisioning information and potentially execute ...

7.7 CVSS · 8.3 AI score · 0.00452 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/10/21 12:0 a.m. · 1 views

PT-2024-32470 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP1 FP2 9.8.1.201 Description: The issue concerns the API Interface of the AWV component, where insufficient sanitization of user input could allow an unauthenticated attacker to conduct SQL injection. This...

7.7 CVSS · 7.9 AI score · 0.00452 EPSS
Exploits 0 · References 3
CVE
added 2024/05/23 9:29 p.m. · 120 views

CVE-2024-5291

CVE-2024-5291 affects D-Link DIR-2150. The vulnerability resides in the SOAP API interface listening on TCP port 80, where insufficient validation of a user-supplied string before executing a system call allows network-adjacent attackers to achieve remote code execution in the router context (roo...

8.8 CVSS · 9.2 AI score · 0.04555 EPSS
Exploits 0 · References 1 · Affected Software 1
Redos
added 2024/05/21 12:0 a.m. · 24 views

ROS-20240521-08

A vulnerability in the API interface of the Grafana web-based data representation tool is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to restricted functions. A vulnerability in...

8.8 CVSS · 7.4 AI score · 0.00209 EPSS
Exploits 0
ATTACKERKB
added 2024/05/03 2:15 a.m. · 1 views

CVE-2023-34282

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this...

8.8 CVSS · 5.8 AI score · 0.00728 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/05/03 2:15 a.m. · 13 views

CVE-2023-34275

D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...

8 CVSS · 7.2 AI score · 0.00212 EPSS
Exploits 0 · References 1
NVD
added 2024/04/13 12:15 p.m. · 7 views

CVE-2024-3720

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...

6.5 CVSS · 6.9 AI score · 0.00023 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/04/13 11:31 a.m. · 13 views

CVE-2024-3720 Tianwell Fire Intelligent Command Platform API Interface page sql injection

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...

6.5 CVSS · 7.6 AI score · 0.00023 EPSS
Exploits 0 · References 4
CVE
added 2024/04/13 11:31 a.m. · 79 views

CVE-2024-3720

The CVE-2024-3720 entry details a SQL injection in Tianwell Fire Intelligent Command Platform (version 1.1.1.1) affecting the API Interface component via the /mfsNotice/page path. The root cause is manipulation of the gsdwid parameter, enabling remote exploitation and data exposure/impact as desc...

6.5 CVSS · 7.6 AI score · 0.00023 EPSS
Exploits 0 · References 4