
BDU FSTEC, added 2023/10/30 12:00 a.m.

The vulnerability of the software for the RESTful API used to manage content in Plone CMS (plone.rest) involves an uncontrolled resource consumption, which allows a hacker to cause a service failure.

The vulnerability of the software for the RESTful API used to manage content in Plone CMS (plone.rest) is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.8, AI score 7.2, EPSS 0.00822
Exploits 0, References 6, Affected software 1
Kitploit, added 2023/10/20 9:31 p.m.

Commander - A Command And Control (C2) Server

Commander is a command and control (C2) framework written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under continuous development; not script-kiddie friendly. Features: fully encrypted communication (TLS), multiple agents, obfuscation, interactive sessions, scalable, Base6...

AI score 7.3
Exploits 0, References 3
Rapid7 Blog, added 2023/09/07 3:13 p.m.

A Look at Our Development Process of the Cloud Resource Enrichment API

In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...

AI score 6.7
Exploits 0
Github Security Blog, added 2023/07/12 6:30 p.m.

Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery

Jenkins Pipeline restFul API Plugin 0.11 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to have Jenkins connect to an attacker-specified URL, capturing a newly generated JCLI token...

CVSS 8.8, AI score 6.7, EPSS 0.0034
Exploits 0, References 4, Affected software 1
NVD, added 2023/07/12 4:15 p.m.

CVE-2023-37957

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token...

CVSS 8.8, EPSS 0.0034
Exploits 0, References 2
CNNVD, added 2023/07/12 12:00 a.m.

Jenkins Plugin Pipeline restFul cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 8.8, AI score 8, EPSS 0.0034
Exploits 0, References 3
Huntr, added 2023/04/23 12:26 a.m.

OS Command Injection via Type Confusion in Scan and Preview Parameters

Description: Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...

CVSS 7.5, AI score 8.7, EPSS 0.40516
Exploits 1
Vulnrichment, added 2022/12/14 12:00 a.m.

CVE-2022-46609

Python3-RESTfulAPI commits d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 were discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well ...

AI score 8, EPSS 0.01416
Exploits 1, References 4
Rockylinux, added 2022/11/15 3:35 p.m.

python-podman bug fix and enhancement update

An update is available for python-podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-podman package is a library of bindings to use the RESTful A...

AI score 1.7
Exploits 0
CVE, added 2022/07/11 1:00 a.m.

CVE-2022-31571

The CVE-2022-31571 entry concerns the akashtalole/python-flask-restful-api repository (GitHub) where an absolute path traversal is possible due to unsafe use of Flask send_file. This vulnerability is documented across multiple sources (NVD, Red Hat, CVE List, PRION, CNVD, etc.), with the core iss...

CVSS 9.3, AI score 9.3, EPSS 0.01118
Exploits 1, References 1, Affected software 1
CNNVD, added 2022/07/11 12:00 a.m.

python-flask-restful-api path traversal vulnerability

python-flask-restful-api is a Python interface repository by the individual developer Akash Talole in India. A security vulnerability exists in python-flask-restful-api, which stems from insecure use of the Flask send_file function...

CVSS 9.3, AI score 8.3, EPSS 0.01118
Exploits 1, References 2
NVD, added 2022/04/18 7:15 p.m.

CVE-2022-24863

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

CVSS 7.8, EPSS 0.02333
Exploits 0, References 4
Prion, added 2022/04/18 7:15 p.m.

Design/Logic Flaw

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

CVSS 7.8, AI score 7.4, EPSS 0.02333
Exploits 0, References 4, Affected software 1
CVE, added 2022/04/18 7:00 p.m.

CVE-2022-24863

CVE-2022-24863 affects the http-swagger package (wrapper for Swagger 2.0 docs). Versions prior to 1.2.6 are vulnerable due to improper handling of HTTP methods, enabling a denial-of-service via memory exhaustion on the host. The issue is mitigated by upgrading to 1.2.6 or by restricting the path ...

CVSS 7.8, AI score 7.3, EPSS 0.02333
Exploits 0, References 4, Affected software 1
Cvelist, added 2022/04/18 7:00 p.m.

CVE-2022-24863 Denial of service in http-swagger

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

CVSS 7.5, AI score 7.6, EPSS 0.02333
Exploits 0, References 4
OSV, added 2022/04/18 7:00 p.m.

CVE-2022-24863 Denial of service in http-swagger

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

CVSS 7.5, AI score 7.2, EPSS 0.02333
Exploits 1, References 6
OSV, added 2022/02/10 8:25 p.m.

GHSA-2HPG-VWQJ-6H6W Authentication bypass in Apache Kylin

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API which exposed Kylin's configuration information without any...

CVSS 5.3, AI score 5, EPSS 0.78809
Exploits 0, References 2
Kitploit, added 2021/11/14 8:30 p.m.

Clash - A Rule-Based Tunnel In Go

A rule-based tunnel in Go. Features: local HTTP/HTTPS/SOCKS server with authentication support; VMess, Shadowsocks, Trojan and Snell protocol support for remote connections; built-in DNS server that aims to minimize the impact of DNS pollution attacks and supports DoH/DoT upstream and fake IP; rules based off...

AI score 7.7
Exploits 0, References 10
CVE, added 2021/09/09 1:50 a.m.

CVE-2021-32835

CVE-2021-32835 affects Eclipse Keti, a service that enforces ABAC for REST APIs. The connected records identify a Groovy Sandbox escape vulnerability in Keti, which could allow post-authentication Remote Code Execution (RCE). The issue is linked to a commit (a1c8dbe) and is discussed in GHSL-2021...

CVSS 9.9, AI score 9.8, EPSS 0.04438
Exploits 1, References 1, Affected software 1
Cvelist, added 2021/09/09 1:50 a.m.

CVE-2021-32834 Arbitrary Groovy script evaluation in Eclipse Keti

Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...

CVSS 8.2, AI score 9.7, EPSS 0.00915
Exploits 1, References 1