CVE-2024-10553 JDBC Deserialization in h2oai/h2o-3
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
MAL-2025-2543 Malicious code in azure-rest-api-specs (npm)
Source: ghsa-malware e9b45f4b5db07c14af82f92638c97d70419c7936860274a00dbea1e18db0b58f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-12046
Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 versions 3.46.0.4 through 3.46.0.5 Description: A vulnerability in the h2oai/h2o-3 REST API allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The issue exists in the endpoints...
PT-2025-12145 · Unknown +1 · Langgenius/Dify +1
Name of the Vulnerable Software and Affected Versions: langgenius/dify version 0.10.1 Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API endpoint POST...
The WikiManager REST API allows any user to create wikis
Impact: Any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager...
XWiki uses the wrong wiki reference in AuthorizationManager
Impact: It's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as...
GHSA-GQ32-758C-3WM3 XWiki uses the wrong wiki reference in AuthorizationManager
Impact: It's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as...
CVE-2025-29924
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...
CVE-2025-29926
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard b...
CVE-2025-29926 The WikiManager REST API allows any user to create wikis
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard b...
CVE-2025-29926
CVE-2025-29926 affects XWiki Platform via the WikiManager REST API. In affected releases before fixes, any user could create a new wiki, potentially granting the user administrator privileges and enabling further farm-wide attacks. The REST API is not included in XWiki Standard by default and mus...
CVE-2025-29924
XWiki Platform contains an authorization bypass in subwikis that can expose private information via the REST API (and potentially other APIs) when rights like “Prevent unregistered users to view pages” or “Prevent unregistered users to edit pages” are enabled. Affected versions: before 15.10.14, ...
CVE-2025-29924 XWiki uses the wrong wiki reference in AuthorizationManager
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...
XWiki Platform Authorization Issue Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. An authorization issue vulnerability exists in XWiki Platform versions prior to 15.10.15, prior to 16.4.6, and prior to 16.10.0, which stems from the WikiManager REST API that could be...
PT-2025-11970 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.14 XWiki Platform versions prior to 16.4.6 XWiki Platform versions prior to 16.10.0-rc-1 Description: The issue allows a user to access private information through the REST API when a sub wiki is using...