Lucene search

4930 matches found

Prion
added 2020/03/10 12:15 a.m., 14 views

Design/Logic Flaw

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter...

CVSS 7.5, AI score 9.4, EPSS 0.6663
Exploits 2, References 1, Affected Software 62
CVE
added 2020/03/09 11:41 p.m., 207 views

CVE-2020-10257

CVE-2020-10257 concerns the WordPress ThemeREX Addons plugin prior to 2020-03-09. The issue is an access-control flaw in the /trx_addons/v2/get/sc_layout REST API endpoint: includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter, allowing unauthenticated users...

CVSS 9.8, AI score 9.4, EPSS 0.6663
Exploits 2, References 1, Affected Software 2
VulnCheck KEV
added 2020/03/09 12:00 a.m., 1 view

VulnCheck KEV: CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter...

CVSS 9.8, AI score 7.3, EPSS 0.6663
Exploits 2, References 1
Atlassian
added 2020/03/04 2:24 p.m., 13 views

Tomcat version information disclosed when calling REST endpoints

Issue Summary: When accessing the REST API endpoints as an unauthenticated user, an error page is displayed and this page contains the version information for Tomcat. This is a security concern and should not be disclosed. Steps to Reproduce: As an unauthenticated user access the following...

AI score 7.2
Exploits 0
IBM Security Bulletins
added 2020/02/28 12:25 p.m., 41 views

Security Bulletin: IBM MQ Console and REST API are vulnerable to multiple Denial of service attacks within HTTP/2 (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9514, CVE-2019-9512, CVE-2019-9513)

Summary: Several issues were reported against the HTTP/2 implementation used by IBM WebSphere Application Server Liberty Profile, which is used to host the IBM MQ Console and REST API. Vulnerability Details: CVEID: CVE-2019-9515. DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings...

CVSS 7.8, AI score 0.7, EPSS 0.50822
Exploits 1, Affected Software 2
Veracode
added 2020/02/25 4:39 a.m., 22 views

Information Disclosure

BuddyPress is vulnerable to information disclosure. Requests to some of the REST API endpoints can allow an unauthenticated remote attacker to obtain private user data...

CVSS 8, AI score 3.9, EPSS 0.01132
Exploits 0, References 4, Affected Software 1
OSV
added 2020/02/24 6:15 p.m., 11 views

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVSS 7.5, AI score 7.5
Exploits 0, References 3
NVD
added 2020/02/24 6:15 p.m., 8 views

CVE-2020-5244

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVSS 8, AI score 7.8, EPSS 0.01132
Exploits 0, References 3
Prion
added 2020/02/24 6:15 p.m., 16 views

Authentication flaw

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVSS 5, AI score 7.5, EPSS 0.01132
Exploits 0, References 3, Affected Software 1
Cvelist
added 2020/02/24 5:25 p.m., 13 views

CVE-2020-5244 Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVSS 8, AI score 7.8, EPSS 0.01132
Exploits 0, References 3
CVE
added 2020/02/24 5:25 p.m., 76 views

CVE-2020-5244

CVE-2020-5244 affects the WordPress BuddyPress plugin prior to version 5.1.2. The vulnerability allows an unauthenticated attacker to trigger requests to a REST API endpoint and disclose private user data. The root cause is an information-disclosure flaw in the exposed REST endpoint, enabling exp...

CVSS 8, AI score 7.5, EPSS 0.01132
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2020/02/24 5:18 p.m., 101 views

Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVSS 8, AI score 4.4, EPSS 0.01132
Exploits 0, References 5, Affected Software 1
OSV
added 2020/02/24 5:18 p.m., 25 views

GHSA-3J78-7M59-R7GV Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

CVSS 8, AI score 7.5, EPSS 0.01132
Exploits 0, References 4
NVD
added 2020/02/19 8:15 p.m., 12 views

CVE-2020-3112

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVSS 8.8, AI score 8.6, EPSS 0.0056
Exploits 0, References 1
Prion
added 2020/02/19 8:15 p.m., 16 views

Improper access control

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVSS 6.5, AI score 8.5, EPSS 0.0056
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2020/02/19 7:16 p.m., 11 views

CVE-2020-3112 Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVSS 8.8, AI score 6.9, EPSS 0.0056
Exploits 0, References 1
CVE
added 2020/02/19 7:16 p.m., 79 views

CVE-2020-3112

CVE-2020-3112 is a privilege-escalation vulnerability in the Cisco Data Center Network Manager (DCNM) REST API. The issue stems from insufficient access control validation, allowing an authenticated, low-privilege user to send crafted API requests and interact with the API with administrative privile...

CVSS 8.8, AI score 8.6, EPSS 0.0056
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/02/19 7:16 p.m., 12 views

CVE-2020-3112 Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVSS 8.8, AI score 8.6, EPSS 0.0056
Exploits 0, References 1
Cisco
added 2020/02/19 4:00 p.m., 29 views

Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

CVSS 8.8, AI score 2.5, EPSS 0.0056
Exploits 0, References 1
NVD
added 2020/02/14 7:15 p.m., 10 views

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

CVSS 9, AI score 9.2, EPSS 0.00022
Exploits 0, References 4