4966 matches found

Vulnrichment
added 2025/03/19 5:40 p.m. | 16 views

CVE-2025-29926 The WikiManager REST API allows any user to create wikis

XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard b...

7.9 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 1 | References 3
OSV
added 2025/03/19 5:40 p.m. | 8 views

CVE-2025-29926 The WikiManager REST API allows any user to create wikis

XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard b...

7.9 CVSS | 6.5 AI score | 0.00532 EPSS
Exploits 1 | References 5
Vulnrichment
added 2025/03/19 5:31 p.m. | 20 views

CVE-2025-29924 XWiki uses the wrong wiki reference in AuthorizationManager

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...

8.7 CVSS | 6.2 AI score | 0.00371 EPSS
Exploits 0 | References 3
OSV
added 2025/03/19 5:31 p.m. | 10 views

CVE-2025-29924 XWiki uses the wrong wiki reference in AuthorizationManager

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...

8.7 CVSS | 6.2 AI score | 0.00371 EPSS
Exploits 0 | References 5
Cvelist
added 2025/03/19 5:31 p.m. | 16 views

CVE-2025-29924 XWiki uses the wrong wiki reference in AuthorizationManager

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...

8.7 CVSS | 0.00371 EPSS
Exploits 0 | References 3
CVE
added 2025/03/19 5:31 p.m. | 503 views

CVE-2025-29924

XWiki Platform contains an authorization bypass in subwikis that can expose private information via the REST API (and potentially other APIs) when rights like “Prevent unregistered users to view pages” or “Prevent unregistered users to edit pages” are enabled. Affected versions: before 15.10.14, ...

8.7 CVSS | 6.1 AI score | 0.00371 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2025/03/19 12:0 a.m. | 4 views

XWiki Platform Authorization Issue Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. An authorization issue vulnerability exists in XWiki Platform versions prior to 15.10.15, prior to 16.4.6, and prior to 16.10.0, which stems from the WikiManager REST API that could be...

9.8 CVSS | 6.4 AI score | 0.00532 EPSS
Exploits 1 | References 3
Positive Technologies
added 2025/03/19 12:0 a.m. | 5 views

PT-2025-11970 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.14; XWiki Platform versions prior to 16.4.6; XWiki Platform versions prior to 16.10.0-rc-1. Description: The issue allows a user to access private information through the REST API when a sub wiki is using...

8.7 CVSS | 6 AI score | 0.00371 EPSS
Exploits 0 | References 16
RedhatCVE
added 2025/03/14 3:49 p.m. | 22 views

CVE-2025-28886

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...

4.3 CVSS | 7.2 AI score | 0.00158 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/03/13 5:7 p.m. | 12 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

9.4 CVSS | 7.3 AI score | 0.00466 EPSS
Exploits 0 | References 1
Patchstack
added 2025/03/11 9:43 p.m. | 5 views

WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Skalucy in WordPress Plugin REST API TO MiniProgram versions <= 5.1.2...

4.3 CVSS | 7 AI score | 0.00158 EPSS
Exploits 0 | Affected Software 1
NVD
added 2025/03/11 9:15 p.m. | 13 views

CVE-2025-28886

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...

4.3 CVSS | 0.00158 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/03/11 9:0 p.m. | 12 views

CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...

4.3 CVSS | 7.2 AI score | 0.00158 EPSS
Exploits 0 | References 1
Cvelist
added 2025/03/11 9:0 p.m. | 19 views

CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...

4.3 CVSS | 0.00158 EPSS
Exploits 0 | References 1
CVE
added 2025/03/11 9:0 p.m. | 98 views

CVE-2025-28886

CVE-2025-28886: A CSRF vulnerability in the WordPress plugin REST API TO MiniProgram affects the REST API TO MiniProgram plugin (versions up to 4.7.1; WordPress records also reference up to 5.1.2). The issue enables Cross-Site Request Forgery, enabling an attacker to cause the application to per...

4.3 CVSS | 7.2 AI score | 0.00158 EPSS
Exploits 0 | References 1
NVD
added 2025/03/11 10:15 a.m. | 11 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

9.4 CVSS | 0.00466 EPSS
Exploits 0 | References 1
Veracode
added 2025/03/11 9:49 a.m. | 19 views

Information Disclosure

Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...

4.3 CVSS | 6.1 AI score | 0.00298 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2025/03/11 9:48 a.m. | 23 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

9.4 CVSS | 0.00466 EPSS
Exploits 0 | References 1
CVE
added 2025/03/11 9:48 a.m. | 86 views

CVE-2025-27494

CVE-2025-27494 affects Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP with all versions before V6.4.9. The issue stems from improper input sanitization at the REST API’s pubkey endpoint, enabling an authenticated remote administrator to inject commands that run with root privileges. Connect...

9.4 CVSS | 7.6 AI score | 0.00466 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/03/11 9:48 a.m. | 6 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

9.4 CVSS | 9.3 AI score | 0.00466 EPSS
Exploits 0 | References 1