WooCommerce Multivendor Marketplace – REST API < 1.6.0 - Subscriber+ Arbitrary Orders Item And Notes Update
The plugin does not properly implement capability checks on the 'getitem', 'getordernotes', and 'addordernote' functions, leading to potential unauthorized access and addition of those items by authenticated users with subscriber privileges or above...
REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments. PoC: fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...
REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments. fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...
CVE-2023-30776
An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1...
Design/Logic Flaw
An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1...
CVE-2023-30776
Technical details (affected product versions, root cause, exploitability, remediation) are not publicly available in the provided connected documents. Monitor for updates.
CVE-2023-30776 Apache Superset: Database connection password leak
An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1...
CVE-2023-25507
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...
Design/Logic Flaw
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2023-25507
The CVE-2023-25507 issue affects NVIDIA DGX-1 BMC SPX REST API. A privileged, authenticated attacker can inject arbitrary shell commands via the REST API, potentially enabling code execution, denial of service, information disclosure, or data tampering. Public sources corroborate affecting DGX-1 ...
PT-2023-20120 · Nvidia · Nvidia Dgx-1 Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-1 BMC (affected versions not specified). Description: The issue concerns the SPX REST API in NVIDIA DGX-1 BMC, where an attacker with the appropriate authorization level can inject arbitrary shell commands. This may lead to code...
Striker - A Command And Control (C2)
Striker is a simple Command and Control (C2) program. Disclaimer: This project is under active development. Most of the features are experimental, with more to come. Expect breaking changes. Features: Agents: native agents for Linux and Windows hosts; self-contained, minimal Python agent should you...
LFI in Model Version REST API creation
Description: By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection in the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to...
CVE-2023-2020
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 beta allow unauthorized users to schedule downtimes for any host...
Design/Logic Flaw
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 beta allow unauthorized users to schedule downtimes for any host...
CVE-2023-2020 Unauthorized scheduling of downtimes via REST API
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 beta allow unauthorized users to schedule downtimes for any host...