4960 matches found

Github Security Blog
added 2022/05/13 1:36 a.m., 25 views

Drupal REST API can bypass comment approval

In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services rest module enabled, the...

CVSS 7.4, AI score 6.4, EPSS 0.02102
Exploits 0, References 8, Affected Software 2
OSV
added 2022/05/13 1:36 a.m., 21 views

GHSA-P8G6-5MG7-9R5Q Drupal REST API can bypass comment approval

In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services rest module enabled, the...

CVSS 7.4, AI score 8.2, EPSS 0.02102
Exploits 0, References 8
OSV
added 2022/05/13 1:15 a.m., 4 views

GHSA-6Q78-6XVR-26FG Jenkins Groovy Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

CVSS 8.8, AI score 7.3, EPSS 0.86224
Exploits 9, References 10
Tenable Nessus
added 2022/05/13 12:0 a.m., 57 views

ManageEngine Password Manager Pro REST API Restriction Bypass (CVE-2022-29081)

Binary data manageenginepmpcve-2022-29081.nbin...

CVSS 9.8, AI score 9.6, EPSS 0.83321
Exploits 1, References 2
IBM Security Bulletins
added 2022/05/11 3:40 p.m., 20 views

Security Bulletin: IBM MQ WebConsole and REST API are affected by CVE-2021-39031.

Summary An issue was identified within the IBM WebSphere Application Server Liberty profile that IBM MQ uses to provide web console and REST API functionality. Vulnerability Details CVEID: CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow...

CVSS 8.8, AI score 1.3, EPSS 0.02275
Exploits 0, Affected Software 1
OSV
added 2022/05/09 5:15 p.m., 5 views

CVE-2022-1338

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVSS 4.8, AI score 5.8, EPSS 0.00565
Exploits 2, References 1
ATTACKERKB
added 2022/05/09 5:15 p.m., 2 views

CVE-2022-1338

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVSS 4.8, AI score 5.5, EPSS 0.00565
Exploits 2, References 2
Prion
added 2022/05/09 5:15 p.m., 15 views

Authentication flaw

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text...

CVSS 2.1, AI score 4.2, EPSS 0.0015
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/05/09 4:50 p.m., 29 views

CVE-2022-1338 Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

AI score 5, EPSS 0.00565
Exploits 2, References 1
Cvelist
added 2022/05/09 4:31 p.m., 22 views

CVE-2022-28162

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text...

AI score 4.5, EPSS 0.0015
Exploits 0, References 1
Tenable Nessus
added 2022/05/09 12:0 a.m., 80 views

ManageEngine Access Manager Plus REST API Restriction Bypass (CVE-2022-29081)

Binary data manageengineaccessmanagerpluscve-2022-29081.nbin...

CVSS 9.8, AI score 9.6, EPSS 0.83321
Exploits 1, References 3
CNNVD
added 2022/05/09 12:0 a.m., 3 views

WordPress plugin Easy Generate Rest API Url Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.8, AI score 5, EPSS 0.00565
Exploits 2, References 2
NVD
added 2022/05/06 5:15 p.m., 17 views

CVE-2021-33845

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVSS 5.3, EPSS 0.00781
Exploits 0, References 2
Prion
added 2022/05/06 5:15 p.m., 20 views

Code injection

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVSS 5, AI score 5.3, EPSS 0.00781
Exploits 0, References 2, Affected Software 1
CVE
added 2022/05/06 4:35 p.m., 1446 views

CVE-2021-33845

CVE-2021-33845 affects Splunk Enterprise before version 8.1.7, where the REST API can disclose usernames via the lockout error message when verbose login errors are present. Multiple connected sources (NVD, Red Hat, Nessus plugin, CVE lists) describe this information disclosure vulnerability and ...

CVSS 5.3, AI score 5.2, EPSS 0.00781
Exploits 0, References 2, Affected Software 1
Cvelist
added 2022/05/06 4:35 p.m., 30 views

CVE-2021-33845 Username enumeration through lockout message in REST API

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVSS 5.3, AI score 5.5, EPSS 0.00781
Exploits 0, References 2
Positive Technologies
added 2022/05/05 12:0 a.m., 7 views

PT-2022-2443

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.6.x, 12.1.x, 13.1.x prior to 13.1.5, 14.1.x prior to 14.1.4.6, 15.1.x prior to 15.1.5.1, and 16.1.x prior to 16.1.2.2 Description The vulnerability resides in the iControl REST API authentication mechanism of F5 BIG-IP...

CVSS 10, AI score 10, EPSS 0.99956
Exploits 63, References 135
Broadcom
added 2022/05/04 12:0 a.m., 38 views

BSA-2022-1841

Security Advisory ID : BSA-2022-1841 Component : REST API Revision : 1.0 Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Affected Products. Brocade SANnav - Fixed in Brocade SANnav 2.2.0...

CVSS 5.2, AI score 4.3, EPSS 0.0015
Exploits 0
Malwarebytes
added 2022/04/29 4:28 p.m., 1022 views

The top 5 most routinely exploited vulnerabilities of 2021

A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States CISA, NSA, and FBI, Australia ACSC, Canada CCCS, New Zealand NZ NCSC, and the United Kingdom NCSC-UK has detailed the top 15 Common Vulnerabilities and Exposures CVEs routinely exploited by malicious cybe...

CVSS 10, AI score 10, EPSS 0.99999
Exploits 480
OSV
added 2022/04/28 8:15 p.m., 3 views

CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...

CVSS 9.8, AI score 7.3, EPSS 0.83321
Exploits 1, References 2