
4960 matches found

Prion
added 2022/04/28 8:15 p.m., 20 views

Design/Logic Flaw

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...

CVSS 7.5, AI score 9.3, EPSS 0.83321
Exploits: 1, References: 2, Affected software: 3
Cvelist
added 2022/04/28 7:16 p.m., 18 views

CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...

AI score 9.7, EPSS 0.83321
Exploits: 1, References: 2
CVE
added 2022/04/28 7:16 p.m., 564 views

CVE-2022-29081

CVE-2022-29081 affects Zoho ManageEngine products: Access Manager Plus (before 4302), Password Manager Pro (before 12007), and PAM360 (before 5401). The issue is an access-control bypass on certain REST API endpoints (SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvent...
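The three entries above describe the same issue: an access-control check covering a handful of REST API URLs that can be reached without authorisation when the request arrives through a `../RestAPI` path. The following is an added example written for this page, not ManageEngine's code, and it illustrates the bug class rather than the product's actual filter: an authorisation filter that matches on the raw request path, beside one that canonicalises the path first. The `/RestAPI/` prefix, the `GetDashboard` endpoint and the filter logic are assumptions for illustration.

```python
"""Path-canonicalisation access-control bypass, illustrated.

Constructed example (not ManageEngine code). The vulnerable filter inspects
the request path exactly as received; the container then routes on the
canonical path, so '/login/../RestAPI/X' slips past the check yet still
reaches /RestAPI/X. The hardened filter authorises on the same canonical
path the router will use. Prefix and endpoint names are assumptions.
"""
import posixpath
from urllib.parse import unquote

PROTECTED_PREFIX = "/RestAPI/"   # assumed: everything under here needs a token


def canonical_path(raw_path):
    """Percent-decode, collapse '.' and '..' segments as a servlet container
    does before routing, and squash extra leading slashes so that
    '//RestAPI/x' and '/RestAPI/x' compare equal."""
    path = posixpath.normpath(unquote(raw_path))
    return "/" + path.lstrip("/")


def vulnerable_filter(raw_path, has_token):
    """Authorises on the raw request line: a path that does not literally
    begin with /RestAPI/ is treated as public, even if it resolves there."""
    if raw_path.startswith(PROTECTED_PREFIX) and not has_token:
        return 401
    return 200


def hardened_filter(raw_path, has_token):
    """Same policy, evaluated on the canonical path. Requests that still
    carry a '..' segment (or a NUL byte) after decoding are rejected outright
    rather than being interpreted."""
    decoded = unquote(raw_path)
    if "\x00" in decoded or ".." in decoded.split("/"):
        return 400
    if canonical_path(raw_path).startswith(PROTECTED_PREFIX) and not has_token:
        return 401
    return 200


def handle_request(auth_filter, raw_path, has_token=False):
    """Run the filter, then route on the canonical path as the container would.
    Returns (status, dispatched_path); dispatched_path is None when blocked."""
    status = auth_filter(raw_path, has_token)
    if status != 200:
        return status, None
    return 200, canonical_path(raw_path)


if __name__ == "__main__":
    for probe in ("/RestAPI/GetDashboard",
                  "/login/../RestAPI/GetDashboard",
                  "/login/%2e%2e/RestAPI/GetDashboard",
                  "//RestAPI/GetDashboard"):
        print(f"{probe:40} vulnerable={handle_request(vulnerable_filter, probe)}"
              f"  hardened={handle_request(hardened_filter, probe)}")
```

The point the example makes is that authorisation must be evaluated on the same representation of the path that the router dispatches on; any filter that sees a different string than the handler (raw versus decoded, un-normalised versus normalised, single versus double slash) leaves a gap an attacker can walk through.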

CVSS 9.8, AI score 9.4, EPSS 0.83321
In wild; Exploits: 1, References: 2, Affected software: 3
CNNVD
added 2022/04/27 12:00 a.m., 4 views

oVirt REST API Path Traversal Vulnerability

The oVirt REST API is an application programming interface. A path traversal vulnerability exists in the oVirt REST API that stems from improper access restrictions in seven REST API endpoints. An unauthenticated remote attacker could bypass the implemented security restrictions and gain...

CVSS 9.8, AI score 8.4, EPSS 0.83321
Exploits: 1, References: 4
OSV
added 2022/04/22 8:39 p.m., 21 views

GHSA-4PM3-F52J-8GGH Improper Input Validation in GeoServer

Impact: The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota...

CVSS 7.2, AI score 7.3, EPSS 0.01385
Exploits: 0, References: 4
Github Security Blog
added 2022/04/22 8:39 p.m., 35 views

Improper Input Validation in GeoServer

Impact: The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota...

CVSS 7.2, AI score 0.9, EPSS 0.01385
Exploits: 0, References: 4, Affected software: 1
NVD
added 2022/04/13 10:15 p.m., 32 views

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 7.2, EPSS 0.01385
Exploits: 0, References: 1
Prion
added 2022/04/13 10:15 p.m., 32 views

Deserialization of untrusted data

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 6.5, AI score 7.2, EPSS 0.01385
Exploits: 0, References: 1, Affected software: 1
Cvelist
added 2022/04/13 9:20 p.m., 35 views

CVE-2022-24847 Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 7.2, AI score 7.5, EPSS 0.01385
Exploits: 0, References: 1
OSV
added 2022/04/13 9:20 p.m., 26 views

CVE-2022-24847 Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 7.2, AI score 7.3, EPSS 0.01385
Exploits: 0, References: 3
vulnersOsv
added 2022/04/13 12:00 a.m., 5 views

admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.0.1) +71 more potentially affected by CVE-2022-28347 via django (>=3.2.0 <=3.2.12)

django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =6.4.1 - coldfront =1.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...

CVSS 9.8, AI score 7, EPSS 0.02875
Exploits: 0
Positive Technologies
added 2022/04/13 12:00 a.m., 3 views

PT-2022-19401

Name of the vulnerable software and affected versions: Zoho ManageEngine Access Manager Plus versions prior to 4302; Zoho ManageEngine Password Manager Pro versions prior to 12007; ManageEngine Privileged Access Manager 360 (PAM360) versions prior to 5401. Description: The software solutions Zoho...

CVSS 10, AI score 9.4, EPSS 0.83321
Exploits: 1, References: 9
Patchstack
added 2022/04/13 12:00 a.m., 21 views

WordPress Easily Generate Rest API Url plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by websafe2021 in WordPress Easily Generate Rest API Url plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of 29 March 2022 and is not available for download. This closure is temporary, pending a full...

CVSS 4.8, AI score 2.1, EPSS 0.00565
Exploits: 2, References: 3, Affected software: 1
WPVulnDB
added 2022/04/13 12:00 a.m., 21 views

Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the "Post Per Page" or "Enter Search Text" settings of the plugin: "autofocu...

CVSS 4.8, AI score 2, EPSS 0.00565
Exploits: 2, Affected software: 1
wpexploit
added 2022/04/13 12:00 a.m., 143 views

Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Post Per Page" or "Enter Search Text" settings of the plugin: "autofocus...

CVSS 4.8, AI score 0.5, EPSS 0.00565
Exploits: 2
BDU FSTEC
added 2022/04/04 12:00 a.m., 5 views

A vulnerability in the Kubeclient::Config implementation of the Kubernetes REST API client allows an attacker to perform a "man-in-the-middle" attack.

A vulnerability in the Kubeclient::Config implementation of the Kubernetes REST API client stems from errors in the certificate validation process. Exploiting this vulnerability could enable a malicious actor to carry out a "man-in-the-middle" attack...

CVSS 8.3, AI score 7.2, EPSS 0.00905
Exploits: 0, References: 7, Affected software: 4
Prion
added 2022/03/30 10:15 p.m., 17 views

Design/Logic Flaw

In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data...

CVSS 4, AI score 6.3, EPSS 0.00944
Exploits: 0, References: 3, Affected software: 1
NVD
added 2022/03/28 7:15 p.m., 18 views

CVE-2022-0549

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not...

CVSS 6.5, EPSS 0.00906
Exploits: 1, References: 2
UbuntuCve
added 2022/03/28 7:15 p.m., 27 views

CVE-2022-0549

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not...

CVSS 6.5, AI score 6.5, EPSS 0.00906
Exploits: 1, References: 2
OSV
added 2022/03/28 7:15 p.m., 2 views

UBUNTU-CVE-2022-0549

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not...

CVSS 6.5, AI score 6.5, EPSS 0.00906
Exploits: 1, References: 3