4963 matches found

Vulnrichment
added 2024/06/20 2:8 a.m. · 23 views

CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 10 · AI score 7.5 · EPSS 0.04186
Exploits 1 · References 3

SUSE CVE
added 2024/06/19 3:34 a.m. · 4 views

SUSE CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

CVSS 9.8 · AI score 6.8 · EPSS 0.0053
Exploits 0 · References 3

Github Security Blog
added 2024/06/17 9:31 p.m. · 17 views

STRIMZI incorrect access control

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

CVSS 9.8 · AI score 7 · EPSS 0.0053
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/06/17 7:15 p.m. · 22 views

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

CVSS 9.8 · EPSS 0.0053
Exploits 0 · References 2

Cvelist
added 2024/06/17 12:0 a.m. · 27 views

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

EPSS 0.0053
Exploits 0 · References 2

Vulnrichment
added 2024/06/17 12:0 a.m. · 13 views

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

AI score 7.1 · EPSS 0.0053
Exploits 0 · References 2

NVD
added 2024/06/13 3:15 p.m. · 20 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3 · EPSS 0.00424
Exploits 0 · References 1

NVD
added 2024/06/13 3:15 p.m. · 18 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 5.4 · EPSS 0.00349
Exploits 0 · References 1

NVD
added 2024/06/13 3:15 p.m. · 19 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4 · EPSS 0.00349
Exploits 0 · References 1

Vulnrichment
added 2024/06/13 3:13 p.m. · 18 views

CVE-2024-29169

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

CVSS 5.4 · AI score 7.9 · EPSS 0.00435
Exploits 0 · References 1

Cvelist
added 2024/06/13 3:5 p.m. · 30 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3 · EPSS 0.00424
Exploits 0 · References 1

Vulnrichment
added 2024/06/13 3:5 p.m. · 21 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3 · AI score 7.2 · EPSS 0.00424
Exploits 0 · References 1

Cvelist
added 2024/06/13 2:57 p.m. · 16 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4 · EPSS 0.00349
Exploits 0 · References 1

CVE
added 2024/06/13 2:57 p.m. · 79 views

CVE-2024-28967

Dell SCG (Secure Connect Gateway) vulnerable to improper access control in versions prior to 5.24.00.00 due to an exposed internal maintenance REST API that, if enabled by an Admin user from the UI, could allow a remote, low-privileged attacker to execute admin-only backend APIs associated with t...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/06/13 2:51 p.m. · 19 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1

CVE
added 2024/06/13 2:51 p.m. · 77 views

CVE-2024-28966

CVE-2024-28966 affects Dell SCG with versions prior to 5.24.00.00, due to an Improper Access Control vulnerability in an internal update REST API that an Admin UI-enabled function exposes. A remote, low-privileged attacker could access APIs intended for Admin Users on the backend database and pote...

CVSS 5.4 · AI score 5.6 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/06/13 2:47 p.m. · 15 views

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1

CVE
added 2024/06/13 2:47 p.m. · 84 views

CVE-2024-28965

CVE-2024-28965 affects Dell SCG prior to 5.24.00.00. The issue is an Improper Access Control in an internal enable REST API exposed by the SCG (if enabled via the UI by an Admin). A remote, low-privileged attacker could trigger internal APIs intended for Admin Users on the backend database, poten...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/06/13 12:0 a.m. · 13 views

Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure

Description: The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...

CVSS 5.3 · AI score 6.4 · EPSS 0.00365
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/06/13 12:0 a.m. · 5 views

PT-2024-22775 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.22.00.00
Description: The issue concerns a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this, leading to the execution of...

CVSS 8.8 · AI score 8.4 · EPSS 0.0047
Exploits 0 · References 3