
54 matches found

Positive Technologies
added 2024/03/20 12:0 a.m. · 4 views

PT-2024-18077 · Colorlib · Wp Maintenance Mode & Coming Soon

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode by Colorlib plugin for WordPress versions up to, and including, 1.0.99 Description: The issue allows unauthenticated attackers to obtain post and page contents via the REST API, thus bypassing maintenance mode...

CVSS 5.3 · AI score 9.6 · EPSS 0.00533
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/28 12:0 a.m. · 6 views

PT-2024-15746 · WordPress · Page Restrict

Name of the Vulnerable Software and Affected Versions: Page Restrict plugin for WordPress versions up to, and including, 2.5.5 Description: The issue is related to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private...

CVSS 5.3 · AI score 6 · EPSS 0.00496
Exploits: 0 · References: 5

Positive Technologies
added 2024/02/02 12:0 a.m. · 4 views

PT-2024-15913 · WordPress · Anonymous Restricted Content

Name of the Vulnerable Software and Affected Versions: Anonymous Restricted Content plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is due to insufficient restrictions through the REST API on protected posts and pages, allowing unauthenticated attackers to access...

CVSS 7.5 · AI score 7.8 · EPSS 0.00608
Exploits: 0 · References: 9

CNNVD
added 2023/11/14 12:0 a.m. · 2 views

MikroTik RouterOS Security Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v7.1 through 7.11 that stems from the presence of a...

CVSS 5.3 · AI score 6.7 · EPSS 0.00473
Exploits: 1 · References: 2

PyPA
added 2023/10/23 7:15 p.m. · 6 views

PYSEC-2023-218

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuratio...

CVSS 4.3 · AI score 6.5 · EPSS 0.01416
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2023/02/06 2:15 p.m. · 16 views

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...

CVSS 8.8 · AI score 8.9 · EPSS 0.01046
Exploits: 1 · References: 3

Vulnrichment
added 2023/02/06 12:0 a.m. · 13 views

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...

AI score 7.7 · EPSS 0.01046
Exploits: 1 · References: 3

Vulnrichment
added 2023/01/02 9:49 p.m. · 5 views

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

AI score 5.3 · EPSS 0.00671
Exploits: 2 · References: 1

Vulnrichment
added 2022/09/07 1:50 p.m. · 7 views

CVE-2022-31149 ActivityWatch vulnerable to DNS rebinding attack

ActivityWatch is an open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a...

CVSS 8.8 · AI score 9.4 · EPSS 0.00964
Exploits: 1 · References: 3

Tenable Nessus
added 2022/07/09 12:0 a.m. · 71 views

FreeBSD : Gitlab -- multiple vulnerabilities (d1b35142-ff4a-11ec-8be3-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d1b35142-ff4a-11ec-8be3-001b217b3468 advisory. - A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions...

CVSS 9.9 · AI score 6.7 · EPSS 0.76884
Exploits: 0 · References: 18

Positive Technologies
added 2022/01/17 12:0 a.m. · 5 views

PT-2022-9593 · WordPress · All In One Seo

Name of the Vulnerable Software and Affected Versions: All in One SEO WordPress plugin versions prior to 4.1.5.3 Description: The issue allows bad actors to access protected REST API endpoints, potentially enabling users with low-privileged accounts to perform remote code execution on affected...

CVSS 8.8 · AI score 8.8 · EPSS 0.02975
Exploits: 1 · References: 7

Positive Technologies
added 2021/09/02 12:0 a.m. · 3 views

PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework

Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...

CVSS 7.1 · AI score 6.5 · EPSS 0.01298
Exploits: 2 · References: 4

OSV
added 2018/03/16 8:29 p.m. · 3 views

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

CVSS 9.8 · AI score 5.8 · EPSS 0.02217
Exploits: 1 · References: 3

Veracode
added 2017/02/17 2:22 a.m. · 13 views

Information Disclosure

spark-core is vulnerable to information disclosure. The vulnerability is possible due to a flaw in the security filter not performing authentication at the application level but instead at the root of the UI. Therefore, the data and application in the SHS can be accessed through the REST API by a...

AI score 6.3
Exploits: 0