CVE-2024-48939
Paxton Net2 prior to version 6.07.14023.5015 (SR4) has insufficient validation of the REST API License file, which can allow using the REST API with an invalid license and may enable retrieval of access-log data. Confirmed in multiple sources (NVD, Red Hat, CNVD/CNNVD, PT Security) across CVE-202...
CVE-2024-48939
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...
Paxton Access Net2 Security Vulnerability
Paxton Access Net2 is an application from Paxton Access that provides simple and flexible site management. A security vulnerability exists in Paxton Access Net2 versions prior to 6.07.14023.5015 SR4, which stems from insufficient validation of the REST API license file implementation, resulting i...
CVE-2024-52004
MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that, in special cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...
CVE-2024-52004 Remote code execution vulnerabilities in MediaCMS
MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that, in special cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...
CVE-2024-52004
CVE-2024-52004 affects MediaCMS (Python/Django + React, REST API). Root cause: insufficient input validation during media upload, allowing remote code execution under specific conditions when the portal permits uploading content. Affected versions: all prior to 4.1.0; patched in 4.1.0. Practical ...
CVE-2024-10325
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-10269 Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...
CVE-2024-20536
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...
CVE-2024-20536 Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Vivektamrakar Wp_Rest_Api_Fns
CVE-2024-49328 WP REST API FNS = 1.0.0 - Privilege Escalat...
Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...
CVE-2024-51739 Users enumeration allowed through Rest API in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the message displayed after resetting a password no longer reveals whether the user exists. This fix is included in...