
4934 matches found

Vulnrichment
added 2025/06/10 2:49 p.m. · 5 views

CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified url with method equals 'url' with no restrict. This vulnerability is fix...

CVSS 5.5 · AI score 5.6 · EPSS 0.003
Exploits: 0 · References: 3
CVE
added 2025/06/10 2:49 p.m. · 82 views

CVE-2024-40625

GeoServer's CVE-2024-40625 affects the Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} where {method} = 'url' can upload arbitrary URLs without validation, enabling Server Side Request Forgery. The issue is tied to unfiltered file URL input and ...

CVSS 5.5 · AI score 5.3 · EPSS 0.003
Exploits: 0 · References: 3 · Affected Software: 1
Github Security Blog
added 2025/06/10 2:14 p.m. · 9 views

Coverage REST API Server Side Request Forgery

Summary The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file with a specified url with method equals 'url' with no restrict. Details The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file...

CVSS 5.5 · AI score 5.9 · EPSS 0.003
Exploits: 0 · References: 5 · Affected Software: 2
OSV
added 2025/06/10 2:14 p.m. · 7 views

GHSA-R4HF-R8GJ-JGW2 Coverage REST API Server Side Request Forgery

Summary The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file with a specified url with method equals 'url' with no restrict. Details The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allow to upload file...

CVSS 5.5 · AI score 7.3 · EPSS 0.003
Exploits: 0 · References: 5
Positive Technologies
added 2025/06/10 12:00 a.m. · 2 views

PT-2025-26488 · Maven · Org.Geonetwork-Opensource:Gn-Web-App +1

Impact GeoNetwork WFS Index functionality is affected by GeoTools XML External Entity XXE vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files Patches...

CVSS 8.2 · AI score 7.1
Exploits: 0 · References: 7
Positive Technologies
added 2025/06/10 12:00 a.m. · 7 views

PT-2025-24671 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.6 GeoServer versions prior to 2.26.3 Description: The issue allows bypassing the default REST API security, enabling access to the index page. This is possible because the REST API security does not handle...

CVSS 5.3 · AI score 6.3 · EPSS 0.00894
Exploits: 0 · References: 10
Positive Technologies
added 2025/06/10 12:00 a.m. · 2 views

PT-2025-24663 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.26.0 Description: The issue concerns the Coverage REST API, specifically the endpoint "/workspaces/workspaceName/coveragestores/storeName/method.format", which allows attackers to upload files with a specified UR...

CVSS 5.5 · AI score 6.5 · EPSS 0.003
Exploits: 0 · References: 7
RedhatCVE
added 2025/06/01 5:35 a.m. · 9 views

CVE-2025-48490

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...

CVSS 8.7 · AI score 6.7 · EPSS 0.00364
Exploits: 0 · References: 1
NVD
added 2025/05/30 6:15 a.m. · 15 views

CVE-2025-48490

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...

CVSS 8.7 · EPSS 0.00364
Exploits: 0 · References: 3
CVE
added 2025/05/30 5:27 a.m. · 53 views

CVE-2025-48490

CVE-2025-48490 affects the Lomkit Laravel Rest Api package (PHP). Prior to 2.13.0, the system merged validation rules across contexts (e.g., index, store, update), allowing multiple validations for the same attribute to be silently overridden. An attacker could craft requests that bypass key vali...

CVSS 8.7 · AI score 6.8 · EPSS 0.00364
Exploits: 0 · References: 3
Cvelist
added 2025/05/30 5:27 a.m. · 24 views

CVE-2025-48490 Laravel Rest Api has a Search Validation Bypass

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...

CVSS 8.7 · EPSS 0.00364
Exploits: 0 · References: 3
OSV
added 2025/05/30 5:27 a.m. · 9 views

CVE-2025-48490 Laravel Rest Api has a Search Validation Bypass

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...

CVSS 8.7 · AI score 6.6 · EPSS 0.00364
Exploits: 0 · References: 5
Vulnrichment
added 2025/05/30 5:27 a.m. · 14 views

CVE-2025-48490 Laravel Rest Api has a Search Validation Bypass

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...

CVSS 8.7 · AI score 6.4 · EPSS 0.00364
Exploits: 0 · References: 3
CNNVD
added 2025/05/30 12:00 a.m. · 2 views

Laravel Rest Api Security Vulnerability

Laravel Rest Api is a Lomkit open source tool for generating Api in seconds. A security vulnerability exists in Laravel Rest Api versions prior to 2.13.0, which stems from an authentication bypass that could lead to the injection of unexpected or dangerous parameters...

CVSS 8.7 · AI score 6.9 · EPSS 0.00364
Exploits: 0 · References: 4
Veracode
added 2025/05/29 2:32 a.m. · 8 views

Validation Bypass

lomkit/laravel-rest-api is vulnerable to a Validation Bypass. The vulnerability is due to how the framework merged validation rules across multiple contexts, allowing malicious actors to bypass expected validations and inject unexpected parameters...

CVSS 8.7 · AI score 6.8 · EPSS 0.00364
Exploits: 0 · References: 5 · Affected Software: 1
Snyk
added 2025/05/27 7:47 p.m. · 3 views

Improper Use of Validation Framework

Overview lomkit/laravel-rest-api is an A package to build quick and robust rest api for the Laravel framework. Affected versions of this package are vulnerable to Improper Use of Validation Framework due to the way validation rules are merged across different contexts such as index, store, and...

CVSS 8.7 · AI score 7 · EPSS 0.00364
Exploits: 0 · References: 2
Github Security Blog
added 2025/05/27 7:47 p.m. · 32 views

Laravel Rest Api has a Search Validation Bypass

A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...

CVSS 8.7 · AI score 7.1 · EPSS 0.00364
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/05/27 12:00 a.m. · 4 views

PT-2025-23138 · Laravel · Laravel Rest Api

Name of the Vulnerable Software and Affected Versions: Laravel Rest Api versions prior to 2.13.0 Description: A validation bypass issue was discovered where multiple validations defined for the same attribute could be silently overridden. This occurs due to how the framework merges validation rul...

CVSS 8.7 · AI score 6.1 · EPSS 0.00364
Exploits: 0 · References: 9
OSV
added 2025/05/26 6:09 a.m. · 0 views

MAL-2025-4564 Malicious code in iot-sdk-device-client-rest-api (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7292c16917957be9e3511b347ab46a5b84d68d182f759d96859e22b934d013f Any computer that has this package installed or running should be considered...

AI score 7
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 11:38 a.m. · 8 views

CVE-2025-0580

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to...

CVSS 6.3 · AI score 6.7 · EPSS 0.00148
Exploits: 0 · References: 1