
4966 matches found

NVD
added 2025/01/22 5:15 p.m. · 22 views

CVE-2025-20156

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

CVSS 9.9 · EPSS 0.01159
Exploits 0 · References 3
CVE
added 2025/01/22 4:21 p.m. · 133 views

CVE-2025-20156

CVE-2025-20156 – Cisco Meeting Management REST API Privilege Escalation : A vulnerability in the REST API allows an authenticated, low-privilege user to elevate to administrator on affected devices due to inadequate authorization enforcement. An attacker can exploit this by sending API requests t...

CVSS 9.9 · AI score 9.4 · EPSS 0.01159
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/01/22 4:21 p.m. · 20 views

CVE-2025-20156 Cisco Meeting Management Client-Server Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

CVSS 9.9 · AI score 6.8 · EPSS 0.01159
Exploits 0 · References 3
Cvelist
added 2025/01/22 4:21 p.m. · 37 views

CVE-2025-20156 Cisco Meeting Management Client-Server Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

CVSS 9.9 · EPSS 0.01159
Exploits 0 · References 3
Cisco
added 2025/01/22 4:0 p.m. · 20 views

Cisco Meeting Management REST API Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

CVSS 9.9 · AI score 9.6 · EPSS 0.01159
Exploits 0 · References 1
VulnCheck KEV
added 2025/01/22 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

CVSS 9.8 · AI score 5.8 · EPSS 0.06765
Exploits 0 · References 1
Positive Technologies
added 2025/01/22 12:0 a.m. · 7 views

PT-2025-4145 · Cisco · Cisco Meeting Management

The vulnerable software is Cisco Meeting Management, which has a flaw in its REST API that allows a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This is possible due to improper authorization enforcement, which can be exploited b...

CVSS 9.9 · AI score 7 · EPSS 0.01159
Exploits 0 · References 43
OSV
added 2025/01/20 7:36 a.m. · 6 views

BIT-WORDPRESS-2024-12028

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

CVSS 5.3 · AI score 5.6 · EPSS 0.00416
Exploits 0 · References 2
OSV
added 2025/01/20 7:35 a.m. · 6 views

BIT-WORDPRESS-MULTISITE-2024-12028

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

CVSS 5.3 · AI score 5.6 · EPSS 0.00416
Exploits 0 · References 2
NVD
added 2025/01/20 3:15 a.m. · 10 views

CVE-2025-0579

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · EPSS 0.00378
Exploits 0 · References 4
NVD
added 2025/01/20 3:15 a.m. · 10 views

CVE-2025-0580

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

CVSS 6.3 · EPSS 0.00375
Exploits 0 · References 4
Cvelist
added 2025/01/20 2:31 a.m. · 29 views

CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

CVSS 6.3 · EPSS 0.00375
Exploits 0 · References 4
CVE
added 2025/01/20 2:31 a.m. · 98 views

CVE-2025-0580

CVE-2025-0580 affects Shiprocket Module 3 on OpenCart. The vulnerability resides in the REST API Module’s file path /index.php?route=extension/module/rest_api&action=getOrders, where manipulating the contentHash argument leads to incorrect authorization. It is described as remotely exploitable wi...

CVSS 6.3 · AI score 5.5 · EPSS 0.00375
Exploits 0 · References 4
Vulnrichment
added 2025/01/20 2:31 a.m. · 11 views

CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

CVSS 6.3 · AI score 5.5 · EPSS 0.00375
Exploits 0 · References 4
CVE
added 2025/01/20 2:31 a.m. · 91 views

CVE-2025-0579

CVE-2025-0579 affects Shiprocket Module 3/4 on OpenCart, specifically the REST API Module’s restapi endpoint. The root cause is manipulation of the x-username parameter, leading to SQL injection that can be exploited remotely. Public exploitation has been disclosed. Affected versions are Shiprock...

CVSS 7.5 · AI score 7.5 · EPSS 0.00378
Exploits 0 · References 4
Vulnrichment
added 2025/01/20 2:31 a.m. · 7 views

CVE-2025-0579 Shiprocket Module REST API Module restapi sql injection

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00378
Exploits 0 · References 4
Cvelist
added 2025/01/20 2:31 a.m. · 21 views

CVE-2025-0579 Shiprocket Module REST API Module restapi sql injection

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · EPSS 0.00378
Exploits 0 · References 4
Positive Technologies
added 2025/01/19 12:0 a.m. · 8 views

PT-2025-3970 · Opencart +1 · Opencart +1

Name of the Vulnerable Software and Affected Versions: Shiprocket Module 3/4 on OpenCart affected versions not specified Description: A critical issue has been found in the Shiprocket Module 3/4 on OpenCart, affecting an unknown functionality of the file...

CVSS 7.5 · AI score 7.8 · EPSS 0.00378
Exploits 0 · References 12
Cvelist
added 2025/01/17 12:0 a.m. · 14 views

CVE-2024-50967

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information...

EPSS 0.01616
Exploits 0 · References 3
Vulnrichment
added 2025/01/17 12:0 a.m. · 8 views

CVE-2024-50967

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information...

AI score 6.4 · EPSS 0.01616
Exploits 0 · References 3