61 matches found
CVE-2025-53959
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...
CVE-2025-53959
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...
CVE-2025-53959
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...
CVE-2025-53959
JetBrains YouTrack is affected by an email spoofing vulnerability via the Administrative API in versions prior to 2025.2.86069, 2024.3.85077, and 2025.1.86199. The root cause is exposed to abuse through the administrative API, enabling spoofed emails under network conditions. Impact is described ...
CVE-2025-53959
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...
Sitecore XM/XP/XC Hardcoded Credentials
Sitecore XM, XP and XC version 9.x = 9.3 or version 10.x 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. No source data...
CVE-2025-34509
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-34509
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-34509
Sitecore XM/XP affected: Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE; root cause is a hardcoded user account that allows unauthenticated, remote access to the ad...
CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
PT-2025-25745
Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM and Experience Platform XP versions 10.1 through 10.1.4 rev. 011974 PRE Sitecore Experience Manager XM and Experience Platform XP versions 10.2 Sitecore Experience Manager XM and Experience Platform XP versions...
CVE-2024-55585
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...
CVE-2024-55585
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...
PT-2025-24348 · Mops App +1 · Mops App +1
Name of the Vulnerable Software and Affected Versions: moPS App versions 1.8.618 and earlier moPS App Engine version 1.8.618 Description: The issue allows all users to access administrative API endpoints, such as "/api/admin", without requiring additional authentication. This results in...
Inproper Authorization
Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized users...
CVE-2024-3462 Authorization bypass in Ant Media Server
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...
CVE-2024-3462
Ant Media Server Community Edition is vulnerable to improper HTTP header based authorization, allowing unauthorized users to access non-administrative API calls reserved for authorized users. Affected versions are prior to 2.9.0 (tested); vendor status on a patch is not confirmed. Multiple source...
CVE-2023-49231
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...
CVE-2023-49231
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...