4965 matches found
CVE-2024-7786
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...
CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates...
CVE-2024-7786
Summary: Sensei LMS WordPress plugin prior to version 4.24.2 contains an issue where certain REST API routes are not properly protected, allowing unauthenticated access to leak email templates. Affected software: Sensei LMS WordPress plugin (versions before 4.24.2). Root cause (as stated): Unprot...
WordPress REST API Content Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API Content Injection', 'Description' = %q This module exploits a content injection vulnerability in WordPress versions 4.7 and...
Apache Flink JobManager Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...
Pimcore Gather Credentials via SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pimcore Gather Credentials via SQL Injection', 'Description' = %q This module extracts the usernames and hashed passwords of all users of the...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:GHSA-WH2W-39F4-RPV2...
Malicious code in as-rest-api-v6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ce680287c711409073b5144305ae85ce29123f6841998697d979ee6414baddc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8067 Malicious code in as-rest-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a576994460aeca57d9642938bbd4c214c2fc5138f9513388b070cb882fde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in as-rest-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a576994460aeca57d9642938bbd4c214c2fc5138f9513388b070cb882fde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8068 Malicious code in as-rest-api-v6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ce680287c711409073b5144305ae85ce29123f6841998697d979ee6414baddc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-31387 · Amazon · Aws Cloud Development Kit
Name of the Vulnerable Software and Affected Versions: AWS Cloud Development Kit CDK versions 2.142.0 through 2.148.0 Description: The issue in AWS Cloud Development Kit CDK can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application...
CVE-2024-20417
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
CVE-2024-20417
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
CVE-2024-20417
Cisco CVE-2024-20417 affects the REST API of Cisco Identity Services Engine (ISE). The issue stems from insufficient validation of user-supplied input in REST API calls, allowing an authenticated, remote attacker to perform blind SQL injection and view or modify data on the affected device. Affec...
CVE-2024-20417 Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabities
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
CVE-2024-20417 Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabities
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
CVE-2024-5880
The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized...
CVE-2024-5880
The CVE-2024-5880 entry refers to the WordPress plugin Hide My Site, affecting all versions up to 2.2. The vulnerability is Unauthenticated Sensitive Information Exposure caused by the plugin not restricting REST API access when password protection is enabled, allowing unauthenticated attackers t...