4962 matches found
CVE-2023-5644 WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...
WordPress plugin WP Mail Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-27319
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...
Spoofing
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...
CVE-2023-27319
CVE-2023-27319 affects NetApp ONTAP Mediator prior to 1.7. The vulnerability allows an unauthenticated attacker to enumerate URLs via the REST API, leading to potential information disclosure. The issue is documented across multiple sources (NVD entry, Red Hat advisory, and PT-SEC advisory), all ...
CVE-2023-27319 CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...
PT-2023-32795 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to 2.12.5 Description: The issue arises from an incorrectly implemented capability check in the pmpro rest api get permission...
Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
Description The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. PoC curl --url...
CVE-2023-23584
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...
CVE-2023-3629 Infinispan: non-admins should not be able to get cache config via rest api
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2023-3629 Infinispan: non-admins should not be able to get cache config via rest api
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
PT-2023-19060 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.50 and prior Gallagher Command Centre versions 8.60 prior to vEL8.60.2039 MR4 Gallagher Command Centre versions 8.70 prior to vEL8.70.1787 MR2 Description: An observable response discrepancy in the Gallaghe...
How to construct "Deployment Rules' for the REST API request to add and update the Public APP Store
This document is to record an easier method to construct the field 'Deployment Rules' in the RESTAPI request to add and update the APP in the Public APP Store...
CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
UBUNTU-CVE-2023-5061
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
CVE-2023-5061
Removed by vendor...
CVE-2023-5061 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...
CVE-2023-5061 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...