4930 matches found
PT-2025-35547
Name of the Vulnerable Software and Affected Versions: H2O-3 versions prior to 3.46.0.8 Description: A deserialization issue exists in the H2O-3 REST API /99/ImportSQLTable. The vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a...
CVE-2025-20347
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20348
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
CVE-2025-20347
Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller (NDFC) have missing authorization controls on certain REST API endpoints. An authenticated, low-privileged attacker could view sensitive information or upload/modify files via crafted API requests, potentially executing limited Administr...
PT-2025-34897 · Cisco · Cisco Nexus Dashboard +1
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: A vulnerability exists in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC due...
Linux Distros Unpatched Vulnerability : CVE-2023-5561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of use...
Linux Distros Unpatched Vulnerability : CVE-2022-1999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain...
Linux Distros Unpatched Vulnerability : CVE-2019-20043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a...
PT-2025-34898 · Cisco · Cisco Nexus Dashboard +1
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: A vulnerability exists in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC. Th...
Linux Distros Unpatched Vulnerability : CVE-2020-26415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 ...
M-Files 25.6.14925.0 Path Traversal
This repository contains a proof-of-concept exploit in C for a suspected path traversal vulnerability in M‑Files version 25.6.14925.0. It attempts to read sensitive files e.g. /etc/passwd by injecting traversal payloads into REST API endpoints...
CVE-2025-7441 StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...
CVE-2025-55675 Apache Superset: Incorrect datasource authorization on REST API
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
CVE-2025-5998
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...
PT-2025-33136 · WordPress · Ppwp – Password Protect Pages
Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages WordPress plugin versions prior to 1.9.11 Description: The PPWP – Password Protect Pages WordPress plugin prior to version 1.9.11 allows site content to be placed behind password authorization; however, users wit...
The vulnerability of the REST API implementation of the monitoring and network equipment management system called Cisco Prime Infrastructure, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, allows a attacker to execute arbitrary code.
The vulnerability of the REST API interface of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network Manager EPNM, relates to the lack of security measures for SQL query structures. Exploiting this vulnerability allows...
CVE-2025-51308
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks...