CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...
GHSA-88H5-34XW-2Q56 XSS in the /files Endpoint of the Generic REST API
Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
XSS in the /files Endpoint of the Generic REST API
Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
GHSA-X27V-F838-JH93 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
PT-2025-17576 · Unknown · Cuba Rest Api Add-On
Name of the Vulnerable Software and Affected Versions: CUBA REST API add-on versions prior to 7.2.7 Description: The issue allows malicious JavaScript code to be executed in the browser by manipulating the input parameter, which consists of a file path and name, to return the Content-Type header...
CVE-2024-12862
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4...
CVE-2024-12862 REST API allows users without permissions to remove external collaborators
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4...
PT-2025-17436 · Opentext · Opentext Content Server
Name of the Vulnerable Software and Affected Versions: OpenText Content Server versions 20.2 through 24.4 Description: The issue is related to an Incorrect Authorization vulnerability in the OpenText Content Server REST API, allowing users without the appropriate permissions to remove external...
Exploit for CVE-2025-3102
CVE-2025-3102 🛠️ SureTriggers Exploit Script Script ini diguna...
CVE-2025-32945
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability
Settings Change Vulnerability discovered by chuck in WordPress Plugin WordPress REST API Authentication versions <= 3.6.3...
CVE-2025-39545
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3...
CVE-2025-39545 WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3...
CVE-2025-39545
CVE-2025-39545 describes a Missing Authorization vulnerability in the WordPress REST API Authentication plugin. Affected product: WordPress REST API Authentication, versions from unknown up to and including 3.6.3. Root cause: misconfigured access control enabling unauthorized actions or settings ...
CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...
WordPress plugin WordPress REST API Authentication Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2025-32945 PeerTube Arbitrary Playlist Creation via REST API
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...