1618 matches found
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2021-41189 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
PT-2021-7514 · Cisco · Cisco DNA Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center (affected versions not specified). Description: A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The...
Exposure of Sensitive Information to an Unauthorized Actor in kcal-app/kcal
Description: An attacker can view the foods and other information in the application through direct calls to API functions without any authentication. Proof of Concept: Step 1: Go to http://demo.kcal.cooking/api/v1/foods?pagenumber=1&pagesize=12...
CVE-2021-34648 Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
CVE-2021-40067
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it, regardless of access control group...
Code injection
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it, regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and...
CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...
Top 3 API Vulnerabilities: Why Apps Are Pwned by Cyberattackers
Application programming interfaces (APIs) have become the glue that holds today’s apps together. There’s an API to turn on the kitchen lights while still in bed. There’s an API to change the song playing on your house speakers. Whether the app is on your mobile device, entertainment system or garag...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
AitSar (=0.1.1), AjusteOnuDeReferencia (=0.1.0) +28741 more potentially affected by CVE-2020-35910 +4 more via lock_api (>=0.1.5 <=0.4.14)
lock_api CARGO version =0.1.5, =0.1.0, =0.9.0, =0.0.1-preview.1, =0.1.0-beta.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2020-35910, CVE-2020-35911, CVE-2020-35912, CVE-2020-35913, CVE-2020-35914 Source advisory: OSV:GHSA-VH4P-6J7G-F4J9...
AitSar (=0.1.1), AjusteOnuDeReferencia (=0.1.0) +28741 more potentially affected by CVE-2020-35910 +4 more via lock_api (>=0.1.5 <=0.4.14)
lock_api CARGO version =0.1.5, =0.1.0, =0.9.0, =0.0.1-preview.1, =0.1.0-beta.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2020-35910, CVE-2020-35911, CVE-2020-35912, CVE-2020-35913, CVE-2020-35914 Source advisory: OSV:GHSA-PPJ3-7JW3-8VC4...
B. Braun SpaceCom2 Code Issue Vulnerability
The B. Braun SpaceCom2 is a hardware device from B. Braun, Germany, designed to connect to external devices to record data in a patient data management system, PC, or USB memory stick. A security vulnerability exists in versions of the B. Braun SpaceCom2 prior to 012U000062, which allows a remote...
kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions...
The vulnerability of the REST API interface of the Cisco Evolved Programmable Network Manager software for managing network services allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the REST API interface of the Cisco Evolved Programmable Network Manager software for managing network services is related to security deficiencies in handling sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized acce...
CVE-2021-34707 Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...
CVE-2021-37392
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on the page. When the API functions are enabled, an attacker can use the API to update a user nickname with an XSS payload and achieve stored XSS. Users who view the articles published by the injected user will...
Design/Logic Flaw
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...
Reddit: [dubsmash] Long String in 'shoutout' Parameter Leading to Internal Server Error on Popular Hashtags, Community and User Profile
Summary: If a user inputs a long string in the 'shoutout' parameter of the 'CreateVideo' API, then all the APIs where this video is supposed to appear (e.g. the hashtag API, community API, and user profile API) will return 'internal server error' in the response. This will cause a denial of service attac...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2021-43378)
Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A denial of service vulnerability exists in the API for Cisco Meeting Server versions 3.1, 3.1.1. The...