175 matches found
EUVD-2016-7923
Malware in sbrugna...
EUVD-2019-9459
Malware in sbrugna...
EUVD-2022-1196
Malicious code in bioql PyPI...
EUVD-2024-30660
Malicious code in bioql PyPI...
EUVD-2024-51472
Malicious code in bioql PyPI...
EUVD-2024-31242
Malicious code in bioql PyPI...
GHSA-JJ4J-X5WW-CWH9 Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden
Summary Certain bulk action calls with a beforetransaction hook and no aftertransaction hook, will call the beforetransaction hook before authorization is checked and a Forbidden error is returned, when called as a bulk action. The impact is that a malicious user could cause a beforetransaction t...
Linux Distros Unpatched Vulnerability : CVE-2023-5256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and mad...
CVE-2024-1860
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackeraddwhitelist function in all versions up to, and including, 4.51. This makes it...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LSRM33.7.0 2421 allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2019-9585
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...
CVE-2019-19866
Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...
CVE-2024-33504
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...
CVE-2024-33504
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...
CVE-2024-33504
CVE-2024-33504 affects FortiManager. FortiManager versions 7.6.0–7.6.1, 7.4.0–7.4.5, 7.2.0–7.2.9, 7.0, and 6.4 all have a vulnerability due to a hard-coded cryptographic key used to encrypt sensitive data. An attacker with JSON API access permissions may decrypt some secrets even when the private...
Exploit for CVE-2024-6624
CVE-2024-6624 | JSON API User = 3.9.3 - Unauthenticated Pri...
CVE-2024-6624
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...
CVE-2024-13258
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...
CVE-2024-13258 Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...
CVE-2024-8939 Vllm: denials of service in vllm json web api
A vulnerability was found in the ilab model serve component, where improper handling of the bestof parameter in the vllm JSON web API can lead to a Denial of Service DoS. The API used for LLM-based sentence or chat completion accepts a bestof parameter to return the best completion from several...