487 matches found
CVE-2020-4729 IBM Safer Payments denial of service
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the...
CVE-2023-1749
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...
Design/Logic Flaw
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...
CVE-2023-1749 CVE-2023-1749
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...
CVE-2023-1749 CVE-2023-1749
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...
Authorization
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...
PT-2023-2053 · Rhods · Rhods
Name of the Vulnerable Software and Affected Versions: RHODS affected versions not specified Description: A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can...
CVE-2022-3907
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
Design/Logic Flaw
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684-POC FortiProxy / FortiOS Authentication bypass...
PT-2022-22594 · Unknown · Boodskap Iot Platform
Name of the Vulnerable Software and Affected Versions: Boodskap IoT Platform version 4.4.9-02 Description: The issue allows attackers to make unauthenticated API requests. Recommendations: For Boodskap IoT Platform version 4.4.9-02, consider restricting access to API endpoints to prevent...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
CVE-2022-36058
Elrond-go (github.com/ElrondNetwork/elrond-go) prior to version 1.3.34 is affected by CVE-2022-36058 due to a MultiESDTNFTTransfer call with a missing function name in SC addresses. The issue is confirmed in multiple sources (Red Hat, NVD, OSV, GHSA) and is triggered when processing certain Multi...