GHSA-VM7W-2724-5M23 Apache StreamPipes has improper privilege management in a REST interface
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...
PYSEC-2025-66
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...
CVE-2024-24778
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...
CVE-2024-24778
CVE-2024-24778 – Apache StreamPipes: Applies to StreamPipes up to version 0.95.1. Root cause described across sources as improper privilege management in a REST interface, due to lack of filtering/sloppy validation of resource IDs, allowing registered users to access unauthorized resources if t...
PT-2025-9316 · Apache · Apache Streampipes
Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.95.1 Description: The issue is related to improper privilege management in a REST interface, allowing registered users to access unauthorized resources if the resource ID is known. Recommendations: Upgrad...
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...
PT-2025-6495 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to and including 2.6.8 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allow...
WordPress plugin Hunk Companion security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in...
WordPress WP Project Manager plugin <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability
Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability discovered by Noah Stead (TurtleBurg) in WordPress Plugin WP Project Manager versions <= 2.6.15...
PT-2024-16361 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions prior to 2.6.16 Description: The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including hashed passwords of project owners, via the...
PT-2024-17406
Name of the Vulnerable Software and Affected Versions: Collapsing Categories plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to SQL Injection via the taxonomy parameter of the "/wp-json/collapsing-categories/v1/get" REST API. This is due to insufficient...
jenkins: Item creation restriction bypass vulnerability
A flaw was found in Jenkins. When attempting to create an item prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableInItemGroup through the Jenkins CLI or the REST API, if either of these checks fails, Jenkins creates the item in memory and only deletes it from disk. This may...
PT-2024-16220 · WordPress · The Otter Blocks – Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress versions up to, and including, 3.0.4 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to...
CVE-2024-8215 Payload Injection Attack via Management REST interface
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting', XSS) vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...
GHSA-F9QJ-77Q2-H5C5 Jenkins item creation restriction bypass vulnerability
Jenkins provides APIs for fine-grained control of item creation: - Authorization strategies can prohibit the creation of items of a given type in a given item group (ACL#hasCreatePermission2). - Item types can prohibit creation of new instances in a given item group...
CVE-2024-20438
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
PT-2024-7160 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.478 and earlier, LTS 2.462.2 and earlier Description: The issue is related to insufficient access control in Jenkins, allowing attackers to bypass item creation restrictions. If an attempt is made to create an item of a...