
4965 matches found

Veeam
added 2024/09/18 12:0 a.m. | 186 views

Error occurred during certificate processing. — Upgrade Veeam Backup Enterprise Manager Error

Challenge: When attempting to upgrade an existing Veeam Backup Enterprise Manager deployment to version 12.2, the installer fails, displaying the error: Error occurred during certificate processing. Cause: This error occurs when the TLS certificate used for REST API doesn't specify a certificate...

AI score: 6.8
Exploits: 0 | Affected Software: 1

Atlassian
added 2024/09/17 8:16 a.m. | 35 views

Successful user login events using PAT does not update last login date and are not added to the audit logs

Issue Summary: When users authenticate on Confluence, this information should be update last login date as well as add as new events on the audit log when full coverage is enabled for the Security category. Requests made with personal access tokens PAT for REST API won't create a new entry on...

AI score: 6.8
Exploits: 0 | Affected Software: 1

NVD
added 2024/09/12 9:15 a.m. | 48 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS: 10 | EPSS: 0.11831
Exploits: 2 | References: 3

Cvelist
added 2024/09/12 8:30 a.m. | 72 views

CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS: 10 | EPSS: 0.61355
Exploits: 6 | References: 4

Vulnrichment
added 2024/09/12 8:30 a.m. | 37 views

CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS: 10 | AI score: 7.5 | EPSS: 0.11831
Exploits: 2 | References: 3

CVE
added 2024/09/12 8:30 a.m. | 176 views

CVE-2024-8529

CVE-2024-8529 – LearnPress : The LearnPress WordPress LMS Plugin (versions ≤ 4.2.7) is vulnerable to unauthenticated SQL injection via the c_fields parameter in the /wp-json/lp/v1/courses/archive-course REST API. This is due to insufficient escaping and lack of proper SQL query preparation, allow...

CVSS: 10 | AI score: 8.8 | EPSS: 0.11831
Exploits: 2 | References: 3 | Affected Software: 1

CVE
added 2024/09/12 8:30 a.m. | 213 views

CVE-2024-8522

LearnPress WordPress LMS Plugin (= 4.2.7.1) or apply vendor-supplied security fixes. Technical details and PoCs are available in multiple connected sources (e.g., nuclei template, Exploit DB, Metasploit module).

CVSS: 10 | AI score: 8.8 | EPSS: 0.61355
In wild | Exploits: 6 | References: 4 | Affected Software: 1

OpenVAS
added 2024/09/11 12:0 a.m. | 9 views

XWiki 1.8 < 15.10.9, 16.0.0-rc-1 < 16.3.0 Information Disclosure Vulnerability (GHSA-pvmm-55r5-g3mm)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.03417
Exploits: 1 | References: 1

NVD
added 2024/09/10 4:15 p.m. | 18 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS: 5.3 | EPSS: 0.03417
Exploits: 1 | References: 4

CVE
added 2024/09/10 3:56 p.m. | 96 views

CVE-2024-45591

CVE-2024-45591 concerns XWiki Platform: the REST API can disclose page history information to unauthorized users, including per-modification times, version numbers, author usernames/display names, and version comments, even on fully private wikis. The issue is triggered by unauthenticated access ...

CVSS: 5.3 | AI score: 5 | EPSS: 0.03417
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/09/10 3:56 p.m. | 24 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS: 5.3 | EPSS: 0.03417
Exploits: 1 | References: 4

OSV
added 2024/09/10 3:56 p.m. | 23 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.03417
Exploits: 1 | References: 6

NVD
added 2024/09/10 3:15 p.m. | 20 views

CVE-2024-45323

An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...

CVSS: 4.3 | EPSS: 0.00363
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/10 2:37 p.m. | 22 views

CVE-2024-45323

An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00363
Exploits: 0 | References: 1

Cvelist
added 2024/09/10 2:37 p.m. | 32 views

CVE-2024-45323

An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...

CVSS: 4.3 | EPSS: 0.00363
Exploits: 0 | References: 1

Tenable Nessus
added 2024/09/10 12:0 a.m. | 27 views

Cisco Identity Services Engine REST API Blind SQLi (cisco-sa-ise-rest-5bPKrNtZ)

According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is affected by a Blind SQL Injection SQLi vulnerability. - Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attack...

CVSS: 8.1 | AI score: 6.1 | EPSS: 0.00498
Exploits: 0 | References: 6

Vulnrichment
added 2024/09/07 4:11 p.m. | 13 views

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...

CVSS: 8.5 | AI score: 8.2 | EPSS: 0.00854
Exploits: 0 | References: 1

CVE
added 2024/09/07 4:11 p.m. | 81 views

CVE-2024-39715

CVE-2024-39715 describes a code injection vulnerability in Veeam Service Provider Console (VSPC) where a low-privileged user with REST API access can remotely upload arbitrary files to the VSPC server, leading to remote code execution. The description is consistent across multiple sources (NVD, R...

CVSS: 8.5 | AI score: 8.2 | EPSS: 0.00854
Exploits: 0 | References: 1

Cvelist
added 2024/09/07 4:11 p.m. | 25 views

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...

CVSS: 8.5 | EPSS: 0.00854
Exploits: 0 | References: 1

OSV
added 2024/09/04 6:15 a.m. | 10 views

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...

CVSS: 5.3 | AI score: 6.8
Exploits: 0 | References: 1