20 matches found
CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...
CVE-2026-47136
CVE-2026-47136 affects RustFS, a distributed object storage system written in Rust. The issue is an unauthenticated exposure of license metadata via the console endpoint GET /rustfs/console/license, which is accessible to any client that can reach the console listener and returns JSON containing ...
CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...
rustfs 访问控制错误漏洞
RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from the fact that the GET /rustfs/console/license endpoint did not require authentication, allowing any client th...
WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2023-40024
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...
CVE-2024-55062
Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...
PT-2025-3092 · Easyvirt · Easyvirt Dcscope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote unauthenticated attackers to execute arbitrary code. This can be done through the /api/license/sendlicense/ API...
CVE-2024-1870
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...
WordPress Plugin Colibri Page Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Instant Images security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-15878 · WordPress · Instant Images – One Click Image Uploads
Name of the Vulnerable Software and Affected Versions: The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress versions prior to 6.1.1 Description: The issue allows unauthorized arbitrary options update due to an insufficient check that...
GHSA-6XCX-GX7R-RCCJ Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
Summary In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license view that does not exist. Details In the /license/ endpoint, the licensedetailsview...
CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...
CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...
ScanCode Cross-Site Scripting Vulnerability
ScanCode is an open source tool for analyzing and scanning source code for open source license information and potential intellectual property issues. A cross-site scripting vulnerability exists in ScanCode.io 32.5.1 and earlier versions, which stems from a reflected cross-site scripting XSS...
PT-2023-5949 · Unknown · Scancode.Io
Name of the Vulnerable Software and Affected Versions: ScanCode.io versions prior to 32.5.2 Description: The issue arises from inadequate validation and sanitization of the key parameter in the /license/ endpoint, specifically in the license details view function. This can result in a potential...
CVE-2023-26263
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity XXE attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...
PT-2022-22199 · Digital Watchdog · Dw Megapix Ip Cameras
Name of the Vulnerable Software and Affected Versions: Digital Watchdog DW MEGApix IP cameras version A7.2.2 20211029 Description: A command injection issue was found in the /admin/vca/license/license tok.cgi component. This issue can be exploited through a crafted POST request. Recommendations:...
Trend Micro SafeSync for Enterprise license Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...