Lucene search
+L

266 matches found

Vulnrichment
Vulnrichment
added 2025/07/08 6:43 p.m.6 views

CVE-2025-27369 IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...

4.3CVSS5.7AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 6:43 p.m.10 views

CVE-2025-27369 IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...

4.3CVSS0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.6 views

PT-2025-28657 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue concerns information disclosure of sensitive information due to weaker than expected security for certain REST endpoints used for administration. An authenticated user...

4.3CVSS5.7AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.9 views

CVE-2024-1218

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...

5.4CVSS6.5AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:18 a.m.6 views

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints...

8.2CVSS7.2AI score0.0092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:15 a.m.10 views

CVE-2023-30627

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

9CVSS6.8AI score0.01972EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.15 views

CVE-2022-2597

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts...

5.4CVSS6.8AI score0.00432EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.7 views

CVE-2020-9039

Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints they allow unauthenticated access.The /settings REST endpoint exposed by the projector process is an endpoint that...

9.8CVSS7AI score0.03939EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:28 p.m.12 views

CVE-2020-27848

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...

8.8CVSS7.6AI score0.01223EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/05/06 7:49 p.m.15 views

CVE-2024-12225 Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...

9.1CVSS9.1AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 7:49 p.m.28 views

CVE-2024-12225 Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...

9.1CVSS0.00334EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 7:49 p.m.7 views

CVE-2024-12225 Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...

9.1CVSS7.1AI score0.00334EPSS
Exploits0References6
Veracode
Veracode
added 2025/04/15 3:40 a.m.10 views

Remote Code Execution (RCE)

generator-jhipster-entity-audit is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...

7.6CVSS7.3AI score0.00491EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/02 4:53 p.m.17 views

CVE-2025-30209

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

5.3CVSS6.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2025/03/31 4:15 p.m.22 views

CVE-2025-30209

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

5.3CVSS0.0035EPSS
Exploits0References4
CVE
CVE
added 2025/03/31 3:53 p.m.71 views

CVE-2025-30209

This CVE (CVE-2025-30209) concerns Tuleap, where an improper permission check allows an attacker to access release notes content or related information via the FRS REST endpoints. The vulnerability stems from access control weaknesses in the Tuleap software suite, specifically affecting the REST ...

5.3CVSS6.6AI score0.0035EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/03/31 3:53 p.m.31 views

CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

5.3CVSS0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/31 3:53 p.m.12 views

CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

5.3CVSS5.1AI score0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/28 12:0 a.m.12 views

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

7.2CVSS6.9AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/28 12:0 a.m.21 views

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

7.2CVSS0.00217EPSS
Exploits0References2
Rows per page
Query Builder