
538 matches found

OSV
added 2024/09/25 3:15 a.m. · 2 views

CVE-2024-8484

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · AI score 5.8 · EPSS 0.03631
Exploits 1 · References 2
CNNVD
added 2024/09/25 12:00 a.m. · 3 views

WordPress plugin REST API TO MiniProgram security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 9.8 · AI score 6.5 · EPSS 0.00574
Exploits 0 · References 3
Positive Technologies
added 2024/09/23 12:00 a.m. · 3 views

PT-2024-39127 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p16; Checkmk versions prior to 2.2.0p34. Description: The issue allows authenticated users to bypass two-factor authentication in the RestAPI of Checkmk. This enables attackers to access the system without providi...

CVSS 9.2 · AI score 7.3 · EPSS 0.00446
Exploits 0 · References 13
Vulnrichment
added 2024/09/11 3:28 p.m. · 12 views

CVE-2024-7312 REST Interface Link Redirection via Host parameter

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server REST Management Interface modules allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before...

CVSS 7 · AI score 6.8 · EPSS 0.00209
Exploits 0 · References 2
Cvelist
added 2024/09/11 3:28 p.m. · 31 views

CVE-2024-7312 REST Interface Link Redirection via Host parameter

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server REST Management Interface modules allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before...

CVSS 7 · EPSS 0.00209
Exploits 0 · References 2
NVD
added 2024/08/15 9:15 p.m. · 15 views

CVE-2024-6456

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5 · EPSS 0.00423
Exploits 0 · References 1
Cvelist
added 2024/08/15 8:10 p.m. · 19 views

CVE-2024-6456 SQL Injection vulnerability in AVEVA Historian Server

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5 · EPSS 0.00423
Exploits 0 · References 1
Vulnrichment
added 2024/08/15 8:10 p.m. · 14 views

CVE-2024-6456 SQL Injection vulnerability in AVEVA Historian Server

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5 · AI score 7.8 · EPSS 0.00423
Exploits 0 · References 1
CVE
added 2024/08/15 8:10 p.m. · 45 views

CVE-2024-6456

CVE-2024-6456 describes a SQL Injection vulnerability in AVEVA Historian Server. Public sources in the connected documents indicate that an attacker could exploit the issue by enticing a user to open a specially crafted URL via the interactive Historian REST Interface, allowing the execution of S...

CVSS 8.5 · AI score 7.4 · EPSS 0.00423
Exploits 0 · References 1
ICS
added 2024/08/15 6:00 a.m. · 14 views

AVEVA Historian Web Server

View CSAF. 1. EXECUTIVE SUMMARY: CVSS v4 8.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: AVEVA. Equipment: Historian Server. Vulnerability: SQL Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an authenticated user to get read and write...

CVSS 8.5 · AI score 7.3 · EPSS 0.00423
Exploits 0 · References 10
OSV
added 2024/08/06 2:16 p.m. · 5 views

CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,...

CVSS 9.1 · AI score 5.8 · EPSS 0.00614
Exploits 1 · References 2
RedHat Linux
added 2024/07/09 12:14 p.m. · 27 views

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 security update

An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 6.5 · AI score 6.7 · EPSS 0.00835
Exploits 0 · References 2
RedHat Linux
added 2024/07/02 4:45 p.m. · 31 views

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 security update

An update for openstack-nova, openstack-glance, and openstack-cinder is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 6.5 · AI score 6.7 · EPSS 0.00835
Exploits 0 · References 2
CISA KEV Catalog
added 2024/05/23 12:00 a.m. · 16 views

Apache Flink Improper Access Control Vulnerability

Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface...

CVSS 9.1 · AI score 6.9 · EPSS 0.97856
In wild · Exploits 14
NVD
added 2024/05/14 12:39 p.m. · 11 views

CVE-2023-26566

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...

CVSS 8.6 · AI score 6.8 · EPSS 0.00712
Exploits 0 · References 1
Positive Technologies
added 2024/05/13 12:00 a.m. · 2 views

PT-2024-26118 · Unknown · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki, affected versions not specified. Description: The issue allows users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki...

CVSS 5.9 · AI score 6.2 · EPSS 0.00647
Exploits 0 · References 9
Cvelist
added 2024/05/10 4:14 p.m. · 21 views

CVE-2023-26566

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...

AI score 7 · EPSS 0.00712
Exploits 0 · References 1
Positive Technologies
added 2024/05/10 12:00 a.m. · 3 views

PT-2024-12105 · Sangoma · Sangoma Freepbx

Name of the Vulnerable Software and Affected Versions: Sangoma FreePBX versions 1805 through 2203. Description: The issue concerns hardcoded credentials for the Asterisk REST Interface (ARI) in Sangoma FreePBX, allowing remote attackers to reconfigure Asterisk and make external and internal calls vi...

CVSS 8.6 · AI score 7.4 · EPSS 0.00712
Exploits 0 · References 2
Positive Technologies
added 2024/05/07 12:00 a.m. · 5 views

PT-2024-22297 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.1.2. Description: An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. Recommendations: For versions prior to...

CVSS 4.3 · AI score 7 · EPSS 0.00699
Exploits 0 · References 10
CNNVD
added 2024/05/01 12:00 a.m. · 7 views

WordPress plugin Geo Controller security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 7 · EPSS 0.00489
Exploits 2 · References 2