CVE-2024-28976
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in the API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...
Dell Repository Manager Input Validation Error Vulnerability
Dell Repository Manager is a data repository manager from Dell USA. An input validation error vulnerability exists in Dell Repository Manager versions prior to 3.4.5, which stems from a path traversal vulnerability in the API module. An attacker could use this vulnerability to gain unauthorized...
MediaTek Chip Security Vulnerability
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking in the TVAPI module, which may result in out-of-bounds writes...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from an improper implementation in the Extensions API module...
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
UBUNTU-CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
PT-2023-31979 · Drupal · Drupal Json:Api Module
Name of the Vulnerable Software and Affected Versions: Drupal JSON:API module affected versions not specified Description: In certain scenarios, Drupal's JSON:API module will output error backtraces, potentially causing sensitive information to be cached and made available to anonymous users,...
CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject...
DRUPAL-CONTRIB-2023-037
This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...
Reflected XSS on /api/module
Description: Reflected XSS via filter bypass on /api/module using the type= parameter. Proof of Concept: https://demo.microweber.org/demo/api/module?type=alert"xss"&liveedit=true&fromurl=test The value of the "type" parameter is injected into the source code of the page at line 63. Since the value of t...
Cross site scripting in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...
GHSA-XWF4-88XR-HX2J Cross site scripting in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...
PT-2021-23207 · Openolat · Openolat
Name of the Vulnerable Software and Affected Versions: OpenOlat versions prior to 15.5.12 and 16.0.5 Description: A path traversal issue exists in OpenOlat, allowing an attacker to create directory structures and write files anywhere on the target system by providing a filename with a relative pa...
Drupal Code Issue Vulnerability
Drupal is an open source content management system developed by the Drupal community using the PHP language. A code issue exists in Drupal that is caused by improper access restrictions in the program's "JSON:API" module and "REST/File" module. A remote user could bypass the implemented security...
Unspecified vulnerability in MediaWiki (CNVD-2021-49057)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.36, which stems from the fact that the Aggregategroups Acti...
Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)
The version of Adobe Bridge installed on the remote Windows host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing TTF files...
Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)
The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing T...
CVE-2021-21013
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier, and 2.3.6 and earlier are vulnerable to an insecure direct object reference (IDOR) vulnerability in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...
CVE-2021-21013 Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier, and 2.3.6 and earlier are vulnerable to an insecure direct object reference (IDOR) vulnerability in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...
PT-2020-6400 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.8; Drupal Core versions prior to 8.9.1; Drupal Core versions prior to 9.0.1 Description: The issue is related to improper authorization in the Drupal Core JSON:API module when the read only setting is set to...