4962 matches found

Github Security Blog · added 2024/03/20 2:58 p.m. · 27 views

Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API

Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST...

CVSS 4.8 · AI score 5.6 · EPSS 0.00487 · Exploits 1 · References 6 · Affected Software 1
NVD · added 2024/03/20 7:15 a.m. · 14 views

CVE-2024-1473

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

CVSS 5.3 · AI score 5.1 · EPSS 0.00533 · Exploits 0 · References 3
NVD · added 2024/03/20 7:15 a.m. · 13 views

CVE-2024-1477

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

CVSS 5.3 · AI score 5 · EPSS 0.00435 · Exploits 0 · References 2
Vulnrichment · added 2024/03/20 6:48 a.m. · 18 views

CVE-2024-1473 Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

CVSS 5.3 · AI score 7.2 · EPSS 0.00533 · Exploits 0 · References 3
Cvelist · added 2024/03/20 6:48 a.m. · 27 views

CVE-2024-1473 Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

CVSS 5.3 · AI score 5.4 · EPSS 0.00533 · Exploits 0 · References 3
CVE · added 2024/03/20 6:48 a.m. · 92 views

CVE-2024-1473

CVE-2024-1473 affects the Colorlib Coming Soon & Maintenance Mode plugin for WordPress. The vulnerability allows Information Exposure via the REST API in all versions up to and including 1.0.99, enabling unauthenticated attackers to obtain post/page contents and bypass maintenance mode protection...

CVSS 5.3 · AI score 9.1 · EPSS 0.00533 · Exploits 0 · References 3 · Affected Software 1
Vulnrichment · added 2024/03/20 6:48 a.m. · 11 views

CVE-2024-1477 Easy Maintenance Mode <= 1.4.2 - Information Exposure

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

CVSS 5.3 · AI score 7.2 · EPSS 0.00435 · Exploits 0 · References 2
Cvelist · added 2024/03/20 6:48 a.m. · 18 views

CVE-2024-1477 Easy Maintenance Mode <= 1.4.2 - Information Exposure

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

CVSS 5.3 · AI score 5.2 · EPSS 0.00435 · Exploits 0 · References 2
CVE · added 2024/03/20 6:48 a.m. · 78 views

CVE-2024-1477

CVE-2024-1477 affects the Easy Maintenance Mode plugin for WordPress. All versions up to and including 1.4.2 are vulnerable to Sensitive Information Exposure via the REST API, enabling authenticated attackers to obtain post/page content and bypass plugin protections. Root cause: REST API exposure...

CVSS 5.3 · AI score 5.9 · EPSS 0.00435 · Exploits 0 · References 2
Positive Technologies · added 2024/03/20 12:00 a.m. · 5 views

PT-2024-18077 · Colorlib · Wp Maintenance Mode & Coming Soon

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode by Colorlib plugin for WordPress versions up to, and including, 1.0.99. Description: The issue allows unauthenticated attackers to obtain post and page contents via the REST API, thus bypassing maintenance mode...

CVSS 5.3 · AI score 9.6 · EPSS 0.00533 · Exploits 0 · References 4
WPVulnDB · added 2024/03/19 12:00 a.m. · 19 views

Easy Maintenance Mode <= 1.4.2 - Information Exposure

Description: The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection...

CVSS 5.3 · AI score 6.5 · EPSS 0.00435 · Exploits 0 · References 1
WPVulnDB · added 2024/03/19 12:00 a.m. · 14 views

Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

Description: The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing...

CVSS 5.3 · AI score 6.8 · EPSS 0.00533 · Exploits 0 · References 1
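The CVE-2024-1473 and CVE-2024-1477 entries above describe the same pattern: the plugin gates the themed front end but WordPress core's REST API under /wp-json/ keeps answering. The script below is an added example, not code from either plugin or from any of the listed advisories. It checks an installation for that gap by fetching the front page and /wp-json/wp/v2/posts and flagging the case where a maintenance page is served while posts still come back. The HTTP transport is injected so the check runs offline against constructed responses; the maintenance-page phrases, the two fake sites and the JSON shapes are assumptions for the demo. It models the unauthenticated case of CVE-2024-1473; for the authenticated case of CVE-2024-1477 the fetcher would carry a low-privilege session cookie and nonce.

```python
"""Added example: does a WordPress site in maintenance mode still expose post
content through the core REST API?  Not code from the plugins or advisories."""
import json
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple
from urllib.parse import urljoin

# Transport abstraction: url -> (status, body).  Swap in urllib/requests for a
# site you are authorised to test; the functions below never touch the network.
Fetcher = Callable[[str], Tuple[int, str]]

# Assumption: typical placeholder-page wording, not taken from either plugin.
MAINTENANCE_MARKERS = re.compile(
    r"(coming soon|maintenance mode|under maintenance|be right back)", re.I)

POSTS_ROUTE = "/wp-json/wp/v2/posts?per_page=5"   # WP core route, always present


@dataclass
class LeakReport:
    front_end_gated: bool
    rest_posts: List[str]

    @property
    def leaks(self) -> bool:
        # Only a finding if the site claims to be closed AND the API still talks.
        return self.front_end_gated and bool(self.rest_posts)


def front_end_is_gated(status: int, body: str) -> bool:
    # 503 is the status a maintenance page should send; many plugins send 200
    # with a placeholder instead, so also look at the body.
    return status == 503 or MAINTENANCE_MARKERS.search(body) is not None


def rest_post_titles(status: int, body: str) -> List[str]:
    """Titles from a /wp/v2/posts response; [] on any non-200 or malformed body."""
    if status != 200:
        return []
    try:
        posts = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(posts, list):
        return []
    titles: List[str] = []
    for post in posts:
        title = post.get("title") if isinstance(post, dict) else None
        rendered = title.get("rendered") if isinstance(title, dict) else None
        if rendered:
            titles.append(rendered)
    return titles


def check_maintenance_rest_leak(base_url: str, fetch: Fetcher) -> LeakReport:
    """Unauthenticated probe: is / gated while /wp-json/wp/v2/posts returns posts?"""
    status, body = fetch(urljoin(base_url, "/"))
    gated = front_end_is_gated(status, body)
    status, body = fetch(urljoin(base_url, POSTS_ROUTE))
    return LeakReport(front_end_gated=gated, rest_posts=rest_post_titles(status, body))


# --- constructed responses standing in for a vulnerable and a fixed site ---
def vulnerable_site(url: str) -> Tuple[int, str]:
    if url.endswith(POSTS_ROUTE):
        return 200, json.dumps([{"id": 1, "title": {"rendered": "Q3 launch plan (draft)"}}])
    return 503, "<h1>Coming soon</h1>"


def fixed_site(url: str) -> Tuple[int, str]:
    # A fixed plugin denies the route to callers who may not see the site; WP
    # core expresses that as a 401 with a rest_* error object.
    if url.endswith(POSTS_ROUTE):
        return 401, json.dumps({"code": "rest_not_logged_in",
                                "message": "You are not currently logged in.",
                                "data": {"status": 401}})
    return 503, "<h1>Coming soon</h1>"


if __name__ == "__main__":
    for name, site in (("vulnerable", vulnerable_site), ("fixed", fixed_site)):
        report = check_maintenance_rest_leak("https://example.test", site)
        print(f"{name}: gated={report.front_end_gated} leaked={report.rest_posts}")
```

On the defensive side, the fix for this class of bug is to apply the maintenance gate to REST requests as well as to the themed front end; in WordPress the `rest_authentication_errors` filter is the usual place to return a `WP_Error` for callers who should not see content while the site is closed.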
Metasploit · added 2024/03/14 7:51 p.m. · 630 views

JetBrains TeamCity Unauthenticated Remote Code Execution

This module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker...

AI score 6 · Exploits 0
NVD · added 2024/03/14 3:15 a.m. · 10 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

CVSS 5.3 · AI score 6.5 · EPSS 0.00476 · Exploits 0 · References 1
OSV · added 2024/03/14 3:15 a.m. · 7 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

CVSS 5.3 · AI score 5.8 · EPSS 0.00476 · Exploits 0 · References 1
Vulnrichment · added 2024/03/14 12:00 a.m. · 15 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

AI score 6.3 · EPSS 0.0025 · Exploits 0 · References 1
Vulnrichment · added 2024/03/14 12:00 a.m. · 18 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

AI score 6.9 · EPSS 0.00476 · Exploits 0 · References 1
Cvelist · added 2024/03/14 12:00 a.m. · 12 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

AI score 6.8 · EPSS 0.00476 · Exploits 0 · References 1
Cvelist · added 2024/03/14 12:00 a.m. · 25 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

AI score 6.2 · EPSS 0.0025 · Exploits 0 · References 1
CVE · added 2024/03/14 12:00 a.m. · 88 views

CVE-2024-25651

CVE-2024-25651 affects Delinea PAM Secret Server 11.4. The authentication REST API is vulnerable to user enumeration: responses from the /oauth2/token endpoint differ for valid versus invalid usernames, allowing a remote attacker to determine valid users. Root cause: differing handling of authent...

CVSS 5.3 · AI score 6.8 · EPSS 0.00476 · Exploits 0 · References 1 · Affected Software 1
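The CVE-2024-25651 entries above give only the class of the bug: the /oauth2/token response differs for valid and invalid usernames. The module below is an added example and is neither Delinea code nor a reproduction of Secret Server's actual responses. It models the bug with a toy OAuth password-grant handler in a leaking and a hardened variant, and implements the differential probe an assessor would run against any token endpoint: submit the same wrong password for the candidate username and for a random, certainly-nonexistent one, then compare status and body. The error strings, status codes, user store and KDF parameters are assumptions for the demo.

```python
"""Added example: username enumeration through response differences at an
OAuth token endpoint, with the hardened handler beside the leaking one.
Not Delinea code; the endpoint behaviour is modelled, not reproduced."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Tuple

Response = Tuple[int, Dict[str, str]]        # (HTTP status, JSON-like body)
TokenHandler = Callable[[str, str], Response]  # (username, password) -> Response

_SALT = b"constructed-salt"                    # constructed; one salt keeps the demo short


def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed user store with a single real account.
USERS: Dict[str, bytes] = {"alice": _kdf("correct horse battery staple")}
# Hash compared against on the unknown-user path so both paths do equal work.
_DUMMY_HASH = _kdf("dummy")


def vulnerable_token(username: str, password: str) -> Response:
    """Leaks existence: each failure cause has its own status and message."""
    stored = USERS.get(username)
    if stored is None:
        return 400, {"error": "invalid_grant", "error_description": "User not found"}
    if not hmac.compare_digest(stored, _kdf(password)):
        return 401, {"error": "invalid_grant", "error_description": "Incorrect password"}
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "bearer"}


def hardened_token(username: str, password: str) -> Response:
    """Both failure paths return the same status and body and pay the same
    KDF and comparison cost, so neither content nor timing reveals the user."""
    stored = USERS.get(username)
    target = stored if stored is not None else _DUMMY_HASH
    match = hmac.compare_digest(target, _kdf(password))   # always computed
    if stored is None or not match:
        return 400, {"error": "invalid_grant",
                     "error_description": "Invalid username or password"}
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "bearer"}


def _fingerprint(resp: Response) -> str:
    """Canonical digest of status plus sorted body fields for comparison."""
    status, body = resp
    canon = f"{status}|" + "|".join(f"{k}={body[k]}" for k in sorted(body))
    return hashlib.sha256(canon.encode()).hexdigest()


def enumerates_users(handler: TokenHandler, candidate: str) -> bool:
    """Differential probe.  Uses a fresh wrong password for both requests so
    neither can succeed; any difference between the candidate's response and
    the canary's is an enumeration oracle."""
    canary = "nx-" + secrets.token_hex(8)          # certainly not a real account
    wrong_password = secrets.token_urlsafe(16)
    return _fingerprint(handler(candidate, wrong_password)) != \
        _fingerprint(handler(canary, wrong_password))


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_token), ("hardened", hardened_token)):
        print(f"{name}: 'alice' distinguishable from a random username? "
              f"{enumerates_users(handler, 'alice')}")
```

Against a real endpoint the same probe is run over HTTP, and the fingerprint should also cover headers and response time, since a handler that returns identical bodies but skips the password hash for unknown users still leaks through latency; the hardened variant above pays the KDF cost on both paths for that reason.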