Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4936 matches found

wpexploit
wpexploitadded 2021/08/16 12:0 a.m.152 views

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $outp...

6.4CVSS0.9AI score0.00348EPSS
Exploits2References1
WPVulnDB
WPVulnDBadded 2021/08/16 12:0 a.m.16 views

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ;...

6.4CVSS1AI score0.00348EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessusadded 2021/08/12 12:0 a.m.27 views

Cisco Firepower Device Manager On-Box Software RCE (cisco-sa-fdm-rce-Rx6vVurq)

According to its self-reported version, Cisco Firepower Device Manager FDM On-Box software is affected by a vulnerability in the REST API that allows an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to...

9CVSS8.6AI score0.00689EPSS
Exploits0References3
NVD
NVDadded 2021/08/05 1:15 p.m.5 views

CVE-2021-38095

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

7.5CVSS0.00567EPSS
Exploits1References2
Prion
Prionadded 2021/08/05 1:15 p.m.11 views

Cross site request forgery (csrf)

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

5CVSS7.6AI score0.00567EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2021/08/05 12:23 p.m.42 views

CVE-2021-38095

The CVE-2021-38095 entry affects Planview Spigit 4.5.3, where the REST API allows remote unauthenticated attackers to query sensitive user account data via api/v1/users/1. This is an unauthenticated access vulnerability exposing user data (high impact per CVSS 3.1). The Connected documents confir...

7.5CVSS7.5AI score0.00567EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2021/08/05 12:23 p.m.15 views

CVE-2021-38095

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

7.8AI score0.00567EPSS
Exploits1References2
NVD
NVDadded 2021/08/04 6:15 p.m.18 views

CVE-2021-34707

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

6.5CVSS0.00237EPSS
Exploits0References1
OSV
OSVadded 2021/08/04 6:15 p.m.1 views

CVE-2021-34707

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

6.5CVSS5.8AI score
Exploits0References1
Prion
Prionadded 2021/08/04 6:15 p.m.19 views

Design/Logic Flaw

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

4CVSS6.2AI score0.00237EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2021/08/04 5:20 p.m.67 views

CVE-2021-34707

CVE-2021-34707 concerns a information-disclosure vulnerability in the REST API of Cisco EPNM. An authenticated, remote attacker can exploit this by sending a specific API request to obtain sensitive information from the application. The issue is attributed to insufficient protection of sensitive ...

6.5CVSS6.2AI score0.00237EPSS
Exploits0References1Affected Software1
Hacker One
Hacker Oneadded 2021/07/30 11:5 p.m.21 views

GitLab: Improper access control for users with expired password, giving the user full access through API and Git

Summary Users with an "expired password" can still access the full API with tokens. This includes the REST API, GraphQL API and Git HTTP access. The same issue was mitigated in 13.12.2 as "Insufficient Expired Password Validation". That patch blocked users with expired passwords from accessing th...

7AI score
Exploits0
Github Security Blog
Github Security Blogadded 2021/07/26 9:22 p.m.66 views

Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

8.1CVSS4AI score0.003EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2021/07/26 9:22 p.m.24 views

GHSA-GMR7-M73X-6C9Q Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

8.1CVSS7.9AI score0.003EPSS
Exploits1References2
OSV
OSVadded 2021/07/26 9:20 p.m.16 views

GHSA-FV48-HJHP-94C7 Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

7.5CVSS7.5AI score0.00812EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2021/07/26 9:20 p.m.41 views

Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

7.5CVSS2.7AI score0.00812EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2021/07/22 4:15 p.m.2 views

CVE-2021-1518

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

8.8CVSS7.6AI score
Exploits0References1
Prion
Prionadded 2021/07/22 4:15 p.m.16 views

Design/Logic Flaw

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

9CVSS8.7AI score0.00689EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2021/07/22 3:20 p.m.13 views

CVE-2021-1518 Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

6.3CVSS8.9AI score0.00689EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2021/07/22 3:20 p.m.12 views

CVE-2021-1518 Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

6.3CVSS7.6AI score0.00689EPSS
Exploits0References1
Rows per page
Query Builder