4966 matches found
CVE-2025-20156
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
CVE-2025-20156
CVE-2025-20156 – Cisco Meeting Management REST API Privilege Escalation : A vulnerability in the REST API allows an authenticated, low-privilege user to elevate to administrator on affected devices due to inadequate authorization enforcement. An attacker can exploit this by sending API requests t...
CVE-2025-20156 Cisco Meeting Management Client-Server Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
CVE-2025-20156 Cisco Meeting Management Client-Server Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
Cisco Meeting Management REST API Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
VulnCheck KEV: CVE-2024-32735
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
PT-2025-4145 · Cisco · Cisco Meeting Management
The vulnerable software is Cisco Meeting Management, which has a flaw in its REST API that allows a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This is possible due to improper authorization enforcement, which can be exploited b...
BIT-WORDPRESS-2024-12028
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...
BIT-WORDPRESS-MULTISITE-2024-12028
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...
CVE-2025-0579
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...
CVE-2025-0580
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...
CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...
CVE-2025-0580
CVE-2025-0580 affects Shiprocket Module 3 on OpenCart. The vulnerability resides in the REST API Module’s file path /index.php?route=extension/module/rest_api&action=getOrders, where manipulating the contentHash argument leads to incorrect authorization. It is described as remotely exploitable wi...
CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...
CVE-2025-0579
CVE-2025-0579 affects Shiprocket Module 3/4 on OpenCart, specifically the REST API Module’s restapi endpoint. The root cause is manipulation of the x-username parameter, leading to SQL injection that can be exploited remotely. Public exploitation has been disclosed. Affected versions are Shiprock...
CVE-2025-0579 Shiprocket Module REST API Module restapi sql injection
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...
CVE-2025-0579 Shiprocket Module REST API Module restapi sql injection
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...
PT-2025-3970 · Opencart +1 · Opencart +1
Name of the Vulnerable Software and Affected Versions: Shiprocket Module 3/4 on OpenCart affected versions not specified Description: A critical issue has been found in the Shiprocket Module 3/4 on OpenCart, affecting an unknown functionality of the file...
CVE-2024-50967
The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information...
CVE-2024-50967
The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information...