CVE-2024-0913
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...
CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8529
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8484
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-48019 Apache Doris: allows admin users to read arbitrary files through the REST API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade ...
CVE-2025-0466
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information...
CVE-2025-0466 Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information...
PT-2025-3902 · WordPress · Sensei Lms
Name of the Vulnerable Software and Affected Versions: Sensei LMS WordPress plugin versions prior to 4.24.4 Description: The issue concerns the inadequate protection of some REST API routes in the Sensei LMS WordPress plugin, allowing unauthenticated attackers to leak information related to sense...
CVE-2024-53296
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It...
CVE-2025-20156
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
CVE-2025-20156
CVE-2025-20156 – Cisco Meeting Management REST API Privilege Escalation: A vulnerability in the REST API allows an authenticated, low-privilege user to elevate to administrator on affected devices due to inadequate authorization enforcement. An attacker can exploit this by sending API requests t...
CVE-2025-20156 Cisco Meeting Management Client-Server Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
Cisco Meeting Management REST API Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
PT-2025-4145 · Cisco · Cisco Meeting Management
The vulnerable software is Cisco Meeting Management, which has a flaw in its REST API that allows a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This is possible due to improper authorization enforcement, which can be exploited b...
VulnCheck KEV: CVE-2024-32735
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...
BIT-WORDPRESS-2024-12028
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...