4966 matches found

RedhatCVE · added 2025/02/05 5:48 a.m. · 11 views

CVE-2024-49328

Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass. This issue affects WP REST API FNS: from n/a through = 1.0.0...

CVSS 9.8 · AI score 5.9 · EPSS 0.01461
Exploits 2 · References 1
RedhatCVE · added 2025/02/05 4:44 a.m. · 15 views

CVE-2024-9707

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

CVSS 9.8 · AI score 9.6 · EPSS 0.09137
Exploits 2 · References 1
RedhatCVE · added 2025/02/05 4:27 a.m. · 12 views

CVE-2024-9234

The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to,...

CVSS 9.8 · AI score 6.9 · EPSS 0.10429
Exploits 3 · References 1
RedhatCVE · added 2025/02/05 1:46 a.m. · 7 views

CVE-2024-11423

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

CVSS 7.5 · AI score 7.4 · EPSS 0.00753
Exploits 0 · References 1
RedhatCVE · added 2025/02/05 1:22 a.m. · 12 views

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

CVSS 9.9 · AI score 8.3 · EPSS 0.0115
Exploits 0 · References 1
RedhatCVE · added 2025/02/05 1:12 a.m. · 5 views

CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 · AI score 8.1 · EPSS 0.00772
Exploits 0 · References 1
RedhatCVE · added 2025/02/05 12:12 a.m. · 14 views

CVE-2024-4898

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

CVSS 9.8 · AI score 6.7 · EPSS 0.04156
Exploits 0 · References 1
RedhatCVE · added 2025/02/04 11:13 p.m. · 7 views

CVE-2024-0869

The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...

CVSS 8.8 · AI score 7 · EPSS 0.00791
Exploits 0 · References 1
RedhatCVE · added 2025/02/04 11:08 p.m. · 16 views

CVE-2024-0913

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...

CVSS 7.2 · AI score 7.2 · EPSS 0.00615
Exploits 0 · References 1
RedhatCVE · added 2025/02/04 10:37 p.m. · 13 views

CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 10 · AI score 9.5 · EPSS 0.61355
Exploits 6 · References 1
RedhatCVE · added 2025/02/04 10:26 p.m. · 16 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 10 · AI score 9.6 · EPSS 0.11831
Exploits 2 · References 1
RedhatCVE · added 2025/02/04 10:25 p.m. · 11 views

CVE-2024-8484

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · AI score 7.6 · EPSS 0.03631
Exploits 1 · References 1
Vulnrichment · added 2025/02/04 6:19 p.m. · 8 views

CVE-2024-48019 Apache Doris: allows admin users to read arbitrary files through the REST API

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade ...

AI score 7 · EPSS 0.00924
Exploits 0 · References 1
Cvelist · added 2025/02/04 6:19 p.m. · 10 views

CVE-2024-48019 Apache Doris: allows admin users to read arbitrary files through the REST API

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade ...

EPSS 0.00924
Exploits 0 · References 1
OSV · added 2025/02/04 6:15 a.m. · 8 views

CVE-2025-0466

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information...

CVSS 5.3 · AI score 9.3
Exploits 0 · References 1
NVD · added 2025/02/04 6:15 a.m. · 29 views

CVE-2025-0466

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information...

CVSS 5.3 · EPSS 0.0037
Exploits 1 · References 1
Vulnrichment · added 2025/02/04 6:00 a.m. · 20 views

CVE-2025-0466 Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information...

AI score 7.8 · EPSS 0.0037
Exploits 1 · References 1
Positive Technologies · added 2025/02/04 12:00 a.m. · 6 views

PT-2025-3902 · WordPress · Sensei Lms

Name of the Vulnerable Software and Affected Versions: Sensei LMS WordPress plugin versions prior to 4.24.4 Description: The issue concerns the inadequate protection of some REST API routes in the Sensei LMS WordPress plugin, allowing unauthenticated attackers to leak information related to sense...

CVSS 5.3 · AI score 9.2 · EPSS 0.0037
Exploits 1 · References 8
OSV · added 2025/02/01 4:15 a.m. · 5 views

CVE-2024-53296

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...

CVSS 4.9 · AI score 5.8 · EPSS 0.00375
Exploits 0 · References 1
The Hacker News · added 2025/01/23 6:21 a.m. · 37 views

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It...

CVSS 9.9 · AI score 7.7 · EPSS 0.98557
Exploits 3