28 matches found
CVE-2026-20219
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...
CVE-2025-32991
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...
GHSA-GH4X-F7CQ-WWX6 Glances Exposes Unauthenticated Configuration Secrets
Summary: The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...
EUVD-2016-3131
Malware in sbrugna...
EUVD-2017-17908
Malware in sbrugna...
Apache SeaTunnel Access Control Error Vulnerability
Apache SeaTunnel is an easy-to-use data integration framework from the Apache USA Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...
Commvault Web Server unspecified vulnerability
RISK EVALUATION According to Commvault: "The Web Server is a component in CommCell environments that provides a RESTful interface to the software where users can perform various tasks using available APIs". A remote, authenticated attacker can exploit an unspecified vulnerability to compromise a...
OSIsoft PI Web API Code Issue Vulnerability
The OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company OSIsoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...
The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to increase their privileges.
The vulnerability of the External RESTful Services interface of the Cisco Identity Services Engine (ISE) management platform for network policies is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending speciall...
Oxidized Web Cross-Site Scripting Vulnerability
Oxidized Web is a Web UI + RESTful API for Oxidized. Oxidized Web suffers from a cross-site scripting vulnerability that stems from the fact that incorrect manipulation of the parameter toresearch can lead to cross-site scripting...
CVE-2020-29001
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a...
The vulnerability of the RESTful service programming interface of the Cisco Identity Services Engine, a connection policy management platform, allows a perpetrator to generate arbitrary certificates signed by internal certification services.
The vulnerability of the RESTful Services Programmable Interface ERS implementation of the Cisco Identity Services Engine platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to generate arbitrary certificates signed by the internal certification...
The vulnerability of the Elastic Services Controller’s network management mechanism, related to errors in API request validation, allows a perpetrator to bypass authentication procedures and execute arbitrary code.
The vulnerability of the Elastic Services Controller’s network management interface is related to errors in checking API requests. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code by sending a specially crafted request to the RE...
HPE RESTful Interface Tool Privilege Permission and Access Control Vulnerability
HPE RESTful Interface Tool is a suite of RESTful interface tools from Hewlett Packard Enterprise (HPE) that can configure, inventory, and monitor a variety of system and server components, which supports control of power supplies, BIOS legacy/UEFI, and iLO 4 through command tools settings, reading...
CVE-2017-8968
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 hprest-1.5-79.x8664.rpm, ilorest-2.0-403.x8664.rpm. The issue is resolved in iLOREST v2.1 or subsequent versions...
Code injection
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 hprest-1.5-79.x8664.rpm, ilorest-2.0-403.x8664.rpm. The issue is resolved in iLOREST v2.1 or subsequent versions...
CVE-2017-8968
CVE-2017-8968 affects HPE RESTful Interface Tool versions 1.5 and 2.0. A privilege-granting and access-control vulnerability allows remote attackers to execute arbitrary code, as described in CNVD-2019-03323, with the issue fixed in iLOREST v2.1 and later.