538 matches found
CVE-2023-23445
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using an otherwise unprivileged account via the REST interface...
CVE-2023-23450
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via...
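The CVE-2023-23450 entry above describes a login that accepts the stored password hash as if it were the password, so anyone who reads the hash (from a readable REST field, a backup, a leaked config) logs in without cracking it. The following is an added illustration of that flaw class beside a hardened check; it is not SICK's code, the hashing scheme (PBKDF2-HMAC-SHA256 with a fixed, constructed salt), the user store and the function names are assumptions made for the example.

```python
import hashlib
import hmac

ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> str:
    """Derive the stored verifier. Scheme is an assumption for this example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS).hex()


# Constructed sample credential store; fixed salt so the example is reproducible.
_SALT = b"example-fixed-salt-16"
USERS = {
    "operator": {
        "salt": _SALT,
        "hash": hash_password("correct horse battery staple", _SALT),
    },
}
# Salt used to burn equivalent work for unknown usernames.
_DUMMY_SALT = b"dummy-salt-for-unknown-users"


def login_vulnerable(username: str, credential: str) -> bool:
    """Hypothetical reconstruction of the bug class: the submitted credential
    is compared against the stored verifier *before* being hashed, so the
    hash itself is a valid credential (a pass-the-hash equivalent)."""
    rec = USERS.get(username)
    if rec is None:
        return False
    if credential == rec["hash"]:  # the defect: the hash is accepted verbatim
        return True
    return hash_password(credential, rec["salt"]) == rec["hash"]


def login_hardened(username: str, credential: str) -> bool:
    """Only the value derived from the submitted secret is ever compared."""
    rec = USERS.get(username)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal
        # which usernames exist.
        hash_password(credential, _DUMMY_SALT)
        return False
    derived = hash_password(credential, rec["salt"])
    # Constant-time comparison of two equal-length hex strings.
    return hmac.compare_digest(derived, rec["hash"])


if __name__ == "__main__":
    stolen_hash = USERS["operator"]["hash"]
    print("vulnerable accepts hash:", login_vulnerable("operator", stolen_hash))
    print("hardened accepts hash:  ", login_hardened("operator", stolen_hash))
    print("hardened accepts pw:    ", login_hardened("operator", "correct horse battery staple"))
```

The practical check on a real device is the same as the test below: submit the stored hash string in the password field of the REST login and confirm it is rejected. If it is accepted, the hash has the value of the password and must be protected (and rotated) as one.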
CVE-2023-23584
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...
CVE-2020-5943
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...
PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit
Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...
PT-2025-13797 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.5.99.1742392651 Tuleap Enterprise Edition versions prior to 16.5-5 and 16.4-8 Description: The issue concerns the lack of enforcement of read permissions on parent trackers in the REST API. This affects the...
CVE-2025-25042
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized acce...
XWiki Platform security vulnerability
XWiki Platform is the XWiki open source suite of wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.14, prior to 16.4.6, and prior to 16.10.0-rc-1, which stems from a REST API that could disclose private informatio...
CVE-2025-25042 Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized acce...
CVE-2025-25042
CVE-2025-25042 affects HPE AOS-CX devices via the REST interface. An authenticated, low-privilege user can read encrypted credentials of other users on the switch, exposing sensitive information and potentially enabling further access. The CVSS v3.1 base score is 4.3 (Medium) with network attack ...
ABB RMC-100
SUMMARY An update is available that resolves a vulnerability in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability could cause the web UI to stop. 2. WORKAROUNDS The vulnerability is only present when the REST interface is enabled...
WordPress plugin REST API TO MiniProgram cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to improper redaction of encrypted values in config.xml when accessed via REST API or CLI. An attacker with...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
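The two Jenkins entries above concern encrypted secret values that are served unredacted when a view's config.xml is fetched over the REST API or CLI. The block below is an added example of the redaction step such an endpoint needs before returning the document; it is not Jenkins code. It assumes Jenkins' serialised secret form of a base64 blob wrapped in braces (`{...}`), the sample config.xml is constructed for the example and the encrypted value in it is not a real ciphertext.

```python
import re
import xml.etree.ElementTree as ET

# Assumed on-disk form of an encrypted value: "{" + base64 + "}".
ENCRYPTED_VALUE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
REDACTED = "****"

# Constructed sample resembling a view config.xml with one encrypted field.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8"?>
<hudson.model.ListView>
  <name>ops</name>
  <filterExecutors>false</filterExecutors>
  <properties>
    <com.example.ViewProperty>
      <apiToken>{AQAAABAAAAAgExAmPlEbAsE64cIpHeRtExT000000000000000=}</apiToken>
      <endpoint>https://example.invalid/api</endpoint>
    </com.example.ViewProperty>
  </properties>
</hudson.model.ListView>
"""


def _parse(xml_text: str) -> ET.Element:
    # Parse from bytes so the encoding declaration is honoured.
    return ET.fromstring(xml_text.encode("utf-8"))


def find_encrypted_values(xml_text: str) -> list:
    """Return (tag, value) for every element whose text is an encrypted blob.
    Useful as a detection check on what an endpoint actually returns."""
    found = []
    for el in _parse(xml_text).iter():
        text = (el.text or "").strip()
        if text and ENCRYPTED_VALUE.match(text):
            found.append((el.tag, text))
    return found


def redact_encrypted_values(xml_text: str) -> str:
    """Replace every encrypted element text with a placeholder and
    re-serialise. Non-secret fields are left untouched."""
    root = _parse(xml_text)
    for el in root.iter():
        text = (el.text or "").strip()
        if text and ENCRYPTED_VALUE.match(text):
            el.text = REDACTED
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", find_encrypted_values(SAMPLE_CONFIG_XML))
    out = redact_encrypted_values(SAMPLE_CONFIG_XML)
    print("after: ", find_encrypted_values(out))
    print(out)
```

As a check after upgrading, `find_encrypted_values` run over the body of `GET /view/<name>/config.xml` retrieved with a View/Read-only account should return an empty list; any hit is a value that a holder of the instance's master key material could decrypt.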
CVE-2024-24778
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...
Apache StreamPipes has improper privilege management in a REST interface
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management due to improper privilege management in a REST interface. An attacker can access unauthorized resources by knowing the resource ID. Note: This is only exploitable if the attacker is a registered user...
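Two REST authorization failures on this page share one root: the StreamPipes entries just above (any registered user reads any resource whose ID they know) and the Gallagher Command Centre entry earlier (an insufficiently privileged user infers that hidden items exist from the response). The block below is an added example, not code from either project, showing the authentication-only handler, a half-fix that adds an ownership check but leaks existence through 403-versus-404, and a hardened handler that does object-level authorization and answers uniformly. The in-memory store, user names and handler names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Resource:
    resource_id: str
    owner: str
    body: str


# Constructed sample data: two registered users, one resource each.
RESOURCES = {
    "a3f1": Resource("a3f1", "alice", "alice's pipeline config"),
    "b7c2": Resource("b7c2", "bob", "bob's pipeline config"),
}
REGISTERED_USERS = {"alice", "bob"}


def get_resource_vulnerable(user: str, resource_id: str):
    """Only checks that the caller is logged in. Any registered user who
    learns or guesses an ID reads someone else's resource."""
    if user not in REGISTERED_USERS:
        return 401, None
    res = RESOURCES.get(resource_id)
    if res is None:
        return 404, None
    return 200, res.body


def get_resource_leaky(user: str, resource_id: str):
    """Adds an ownership check, but 403 vs 404 tells a low-privilege caller
    which IDs exist: an observable response discrepancy."""
    if user not in REGISTERED_USERS:
        return 401, None
    res = RESOURCES.get(resource_id)
    if res is None:
        return 404, None
    if res.owner != user:
        return 403, None
    return 200, res.body


def get_resource_hardened(user: str, resource_id: str):
    """Object-level authorization, and a resource the caller may not read is
    reported exactly like one that does not exist."""
    if user not in REGISTERED_USERS:
        return 401, None
    res = RESOURCES.get(resource_id)
    if res is None or res.owner != user:
        return 404, None
    return 200, res.body


def enumerate_ids(handler, user: str, candidates):
    """What an attacker does with the discrepancy: IDs that answer anything
    other than 404 are confirmed to exist."""
    return [rid for rid in candidates if handler(user, rid)[0] != 404]


if __name__ == "__main__":
    probe = ["a3f1", "b7c2", "zzzz"]
    print("vulnerable, bob reads a3f1:", get_resource_vulnerable("bob", "a3f1"))
    print("leaky, bob enumerates:     ", enumerate_ids(get_resource_leaky, "bob", probe))
    print("hardened, bob enumerates:  ", enumerate_ids(get_resource_hardened, "bob", probe))
```

The same idea applies to list endpoints: filter the collection by what the caller may see rather than returning everything and relying on the client to hide it. When testing a REST API for this class, use two low-privilege accounts and request each account's object IDs from the other; anything but a uniform not-found response is a finding.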