Lucene search
K

4 matches found

OSV
OSV
added 2026/04/14 10:34 p.m.2 views

GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability

Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...

8.2CVSS5.7AI score0.00405EPSS
Exploits0References5
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-12512

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS0.00336EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.5 views

PT-2025-5713 · Cisco · Cisco Secure Web Appliance +2

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email and Web Manager affected versions not specified Cisco Secure Email Gateway affected versions not specified Cisco Secure Web Appliance affected versions not specified Description: A vulnerability in Simple Network Management...

4.3CVSS6.9AI score0.00317EPSS
Exploits0References6
OSV
OSV
added 2020/10/07 5:15 p.m.6 views

CVE-2020-26876

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...

7.5CVSS7.2AI score0.09199EPSS
Exploits1References3
Rows per page
Query Builder