4933 matches found
WordPress plugin REST API | Custom API Generator For Cross Platform And Import Export In WP Security Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin REST API | Custom API Generator For Cross Platform And Impo...
XWiki allows SQL injection in query endpoint of REST API with Oracle
Impact: It's possible to execute any SQL query in Oracle by using a function such as DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select, and Hibernate allows using any native function in an HQL query. Patches: This has been patched ...
GHSA-PRWH-7838-XF82 XWiki allows SQL injection in query endpoint of REST API with Oracle
Impact: It's possible to execute any SQL query in Oracle by using a function such as DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select, and Hibernate allows using any native function in an HQL query. Patches: This has been patched ...
CVE-2025-27505
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can...
CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using a function such as DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select, and Hibernate allows using any native function in an HQL query. Thi...
CVE-2025-49183
All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...
CVE-2025-49183
CVE-2025-49183 affects SICK Field Analytics and SICK Media Server. Root cause: unencrypted REST API communications over HTTP allow an attacker to intercept traffic, enabling information gathering and potential media-file downloads. Impact is described as confidentiality concerns (information disc...
CVE-2025-49183 Unencrypted communication (HTTP)
All communication with the REST API is unencrypted HTTP, allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files...
PT-2025-25308
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to unencrypted communication with the REST API, which uses HTTP. This allows an attacker to intercept traffic between the actor and the webserver, potentially leading to...
SICK Field Analytics and SICK Media Server Security Vulnerability
SICK Field Analytics and SICK Media Server are both products of the German company SICK. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from unencrypted...
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
Impact: GeoNetwork WFS Index functionality is affected by the GeoTools XML External Entity (XXE) vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files. Patches...
GHSA-2P76-GC46-5FVC GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
Impact: GeoNetwork WFS Index functionality is affected by the GeoTools XML External Entity (XXE) vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files. Patches...
GeoServer Missing Authorization on REST API Index
Summary: It is possible to bypass the default REST API security and access the index page. Details: The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). Impact: The REST API index can disclose whether certain extensions are installed. Workaround: In...
GHSA-H86G-X8MM-78M5 GeoServer Missing Authorization on REST API Index
Summary: It is possible to bypass the default REST API security and access the index page. Details: The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). Impact: The REST API index can disclose whether certain extensions are installed. Workaround: In...
CVE-2025-27505 GeoServer Missing Authorization on REST API Index
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can...
CVE-2025-27505
GeoServer contains a REST API index authorization bypass vulnerability (CVE-2025-27505). The REST security excludes paths with extensions (for example rest.html), allowing unauthenticated access to the REST API Index and potentially revealing installed extensions and API endpoints. Affected codep...
CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL, with method equal to 'url', without restriction. This vulnerability is fix...