4960 matches found

Cvelist
added 2023/01/02 9:49 p.m. | 22 views

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5.5 AI score | 0.00671 EPSS
Exploits: 2 | References: 1

CVE
added 2023/01/02 9:49 p.m. | 64 views

CVE-2022-4417

CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...

5.3 CVSS | 5.2 AI score | 0.00671 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

RedhatCVE
added 2022/12/26 11:34 a.m. | 36 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

3.5 CVSS | 2.3 AI score | 0.00613 EPSS
Exploits: 0 | References: 3

OSV
added 2022/12/26 5:15 a.m. | 4 views

DEBIAN-CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS | 5.2 AI score | 0.00613 EPSS
Exploits: 0 | References: 1

OSV
added 2022/12/26 5:15 a.m. | 26 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS | 5.6 AI score
Exploits: 0 | References: 2

UbuntuCve
added 2022/12/26 5:15 a.m. | 29 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS | 6 AI score | 0.00613 EPSS
Exploits: 0 | References: 3

Prion
added 2022/12/26 5:15 a.m. | 33 views

Design/Logic Flaw

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5 CVSS | 5.7 AI score | 0.00613 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/12/26 12:0 a.m. | 23 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

6.5 AI score | 0.00613 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2022/12/26 12:0 a.m. | 10 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

6.7 AI score | 0.00613 EPSS
Exploits: 0 | References: 2

CVE
added 2022/12/26 12:0 a.m. | 107 views

CVE-2021-44854

MediaWiki vulnerability CVE-2021-44854 affects MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1, where the REST API publicly caches results from private wikis. This can lead to exposure of private wiki data via the REST API. The connected advisories indicate mitigations via...

5.3 CVSS | 6 AI score | 0.00613 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2022/12/26 12:0 a.m. | 46 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3 CVSS | 4.6 AI score | 0.00613 EPSS
Exploits: 0

Wordfence Blog
added 2022/12/21 5:2 p.m. | 26 views

Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a perfect world, and vulnerabilities can be introduced unintentionally, or even found due to...

7.4 AI score
Exploits: 0

OSV
added 2022/12/20 12:30 a.m. | 24 views

GHSA-54R5-WR8X-X5V3 Duplicate Advisory: Apiman has insufficient checks for read permissions

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j94p-hv25-rm5g. This link is maintained to preserve external references. Original Description: Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. A...

7.1 CVSS | 6.2 AI score | 0.00604 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2022/12/20 12:30 a.m. | 31 views

Duplicate Advisory: Apiman has insufficient checks for read permissions

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j94p-hv25-rm5g. This link is maintained to preserve external references. Original Description: Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. A...

6.5 CVSS | 6.8 AI score | 0.00604 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2022/12/20 12:15 a.m. | 25 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.5 CVSS | 0.00604 EPSS
Exploits: 0 | References: 2

F5 Networks
added 2022/12/19 10:5 p.m. | 80 views

K08402414: BIG-IP ASM and Advanced WAF REST API endpoint vulnerability CVE-2022-23026

Security Advisory Description: An authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. (CVE-2022-23026) Impact: An authenticated user with low privileges, such as a guest, may exploit this...

4.3 CVSS | 4.7 AI score | 0.00739 EPSS
Exploits: 0 | Affected Software: 2

Vulnrichment
added 2022/12/19 12:0 a.m. | 6 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.7 AI score | 0.00604 EPSS
Exploits: 0 | References: 2

Cvelist
added 2022/12/19 12:0 a.m. | 36 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.6 AI score | 0.00604 EPSS
Exploits: 0 | References: 2

NVD
added 2022/12/14 7:15 p.m. | 34 views

CVE-2022-31702

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication...

9.8 CVSS | 0.01609 EPSS
Exploits: 0 | References: 1

Prion
added 2022/12/14 7:15 p.m. | 33 views

Command injection

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication...

7.5 CVSS | 9.7 AI score | 0.01609 EPSS
Exploits: 0 | References: 1 | Affected Software: 1