21 matches found
Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure
Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, a...
WordPress Popup builder with Gamification plugin <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability
Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability discovered by YCInfosec in WordPress Plugin PopupKit versions <= 2.2.0...
CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate-based authentication in certain default configurations, the affected components ma...
CVE-2025-9804
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...
CVE-2025-9804 Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...
CVE-2025-43806
Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...
Liferay Portal and DXP does not properly check permission with import and export tasks
Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...
PT-2024-13919 · Ibm · Sametime
Name of the Vulnerable Software and Affected Versions: Sametime (affected versions not specified). Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the...
Best Practical Request Tracker Security Vulnerability
Best Practical Request Tracker is an issue tracking system written in Perl. A security vulnerability exists in versions prior to Best Practical Request Tracker 4.4.3-2+deb10u3, which stems from accepting unvalidated RT email headers in incoming emails and mail gateway REST interfaces...
Oracle Access Manager Multiple Vulnerabilities (Jul 2021 CPU)
The version of Oracle Access Manager installed on the remote host is affected by the following vulnerabilities as noted in the July 2021 CPU advisory : - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Rest interfaces for Access Mgr. The supported version...
CVE-2021-2358
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Rest interfaces for Access Mgr. The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Acces...
Oracle Access Manager has an unspecified vulnerability (CNVD-2021-54683)
An unspecified vulnerability exists in the Rest interfaces for Access Mgr component of Oracle Access Manager version 11.1.2.3.0, the Web access management and user identity management solution for Oracle Identity Manager. An attacker could exploit this vulnerability to compromise confidentiality...
Oracle Fusion Middleware Security Vulnerability
An unspecified vulnerability exists in the Rest interfaces for Access Mgr component of Oracle Access Manager version 11.1.2.3.0, the Web access management and user identity management solution for Oracle Identity Manager. An attacker could exploit this vulnerability to compromise confidentiality...
Citrix NITRO SDK - Command Injection Vulnerability
A command injection vulnerability in Citrix NITRO SDK's xenhotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data. Abstract...
Citrix Nitro SDK - Command Injection
Citrix Nitro SDK - Command Injection Abstract: Securify discovered a command injection vulnerability in the xenhotfix page of the NITRO SDK. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance and all...
Citrix Nitro SDK - Command Injection
Abstract: Securify discovered a command injection vulnerability in the xenhotfix page of the NITRO SDK. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance and all underlying applications and data. Tested...
Several REST interfaces vulnerable to XSRF
Several REST web services are vulnerable to XSRF (https://www.owasp.org/index.php/Cross-SiteRequestForgeryCSRF), allowing malicious web pages to execute them under the context of a logged-in user's browser. It's understood that JIRA REST interfaces are typically protected against XSRF based on the...
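The entry above describes the pattern, not the fix. As an added example (not code from the JIRA advisory or from Atlassian), here is a server-side XSRF guard for a cookie-authenticated JSON REST endpoint, with constructed sample requests: the cross-site form POST a malicious page can produce, and a legitimate same-origin call. The header name `X-Requested-With`, the trusted origin, the cookie name and the status codes are assumptions chosen for illustration.

```python
"""XSRF guard for a state-changing REST endpoint (hypothetical example).

A cross-site HTML form can make the browser send a cookie-authenticated POST,
but it can only use form content types and cannot attach custom headers.
Requiring a custom header plus a JSON content type on mutating requests, and
checking Origin/Referer when present, therefore stops a malicious page from
driving the endpoint with the victim's session.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
REQUIRED_HEADER = "X-Requested-With"            # assumed; any custom header works
TRUSTED_ORIGINS = {"https://tracker.example"}   # constructed sample origin
SESSION_COOKIE = "JSESSIONID"                   # assumed cookie name


@dataclass
class Request:
    method: str
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # HTTP header names are case-insensitive
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


def is_xsrf_safe(req: Request) -> bool:
    """True if this request may mutate state on behalf of the cookie session."""
    if req.method.upper() in SAFE_METHODS:
        return True
    # 1. Custom header: forms and navigations cannot set one, and a cross-origin
    #    fetch/XHR can only add it after a CORS preflight the server must approve.
    if req.header(REQUIRED_HEADER) is None:
        return False
    # 2. Content type: reject the form encodings a browser sends without preflight.
    ctype = (req.header("Content-Type") or "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False
    # 3. Origin (or Referer) must match a trusted origin when present. Absence is
    #    tolerated only because checks 1 and 2 already hold.
    source = req.header("Origin") or req.header("Referer")
    if source is not None:
        parts = urlsplit(source)
        if f"{parts.scheme}://{parts.netloc}" not in TRUSTED_ORIGINS:
            return False
    return True


def unprotected_create(req: Request) -> int:
    """The vulnerable pattern: the session cookie alone authorises the mutation."""
    return 201 if SESSION_COOKIE in req.cookies else 401


def protected_create(req: Request) -> int:
    """The hardened handler: same authentication, plus the XSRF guard."""
    if SESSION_COOKIE not in req.cookies:
        return 401
    if not is_xsrf_safe(req):
        return 403
    return 201


def cross_site_form_post() -> Request:
    # What an auto-submitting <form method="POST"> on evil.example produces: the
    # browser attaches the victim's cookie but only a form content type.
    return Request(
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Origin": "https://evil.example"},
        cookies={SESSION_COOKIE: "abc123"},
    )


def same_origin_xhr() -> Request:
    # A legitimate call from the application's own front end.
    return Request(
        method="POST",
        headers={"Content-Type": "application/json; charset=utf-8",
                 REQUIRED_HEADER: "XMLHttpRequest",
                 "Referer": "https://tracker.example/issues/1"},
        cookies={SESSION_COOKIE: "abc123"},
    )


if __name__ == "__main__":
    print(unprotected_create(cross_site_form_post()))  # 201: the XSRF succeeds
    print(protected_create(cross_site_form_post()))    # 403: blocked
    print(protected_create(same_origin_xhr()))         # 201: legitimate call
```

The content-type check matters on its own: a REST service that accepts `application/x-www-form-urlencoded` or `text/plain` bodies as JSON reopens the hole even if the custom-header check is present, because those are exactly the encodings a form can send.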