CVE-2025-20334
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...
CVE-2025-20334
Cisco IOS XE Software HTTP API Command Injection vulnerability (CVE-2025-20334) in the HTTP API subsystem allows an attacker to execute commands with root privileges due to insufficient input validation. A remote attacker with administrative privileges can exploit via an API call with crafted inp...
Cisco IOS XE Software HTTP API Command Injection Vulnerability
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...
Linux Distros Unpatched Vulnerability : CVE-2018-11769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration...
Linux Distros Unpatched Vulnerability : CVE-2020-13250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise include an HTTP API introduced in 1.2.0 and DNS introduced in 1.4.3 caching feature that was vulnerable to denial of...
Malicious code in gym-http-api (npm)
The package gym-http-api was found to contain malicious code...
MAL-2025-22072 Malicious code in gym-http-api (npm)
The package gym-http-api was found to contain malicious code...
Security Bulletin: RabbitMQ HTTP API Vulnerability Allows Authenticated DoS via Large Message Payloads
Summary RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the...
CVE-2024-49375
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
CVE-2023-41044
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
CVE-2022-29836
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
CVE-2021-30133
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10...
CVE-2019-20451
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. Authentication is required but an XML file containing credentials can be downloaded...
RabbitMQ 3.11.x < 3.11.24 / 3.12.x < 3.12.7 Denial of Service
The version of RabbitMQ installed on the remote host is 3.11.x prior to 3.11.24, or 3.12.x prior to 3.12.7. It is, therefore, affected by a denial of service vulnerability: - RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making i...
RabbitMQ 3.12.x < 3.12.11 Queue Deletion Authorization Bypass
The version of RabbitMQ installed on the remote host is 3.12.x prior to 3.2.11. It is, therefore, affected by an authorization bypass vulnerability: - RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
CVE-2025-1385 Failed input validation in clickhouse-library-bridge API could lead to RCE under specific configuration
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...