4 matches found
GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability
Impact: REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches: Thi...
CVE-2025-12512
The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...
PT-2025-5713 · Cisco · Cisco Secure Web Appliance +2
Name of the Vulnerable Software and Affected Versions: Cisco Secure Email and Web Manager (affected versions not specified); Cisco Secure Email Gateway (affected versions not specified); Cisco Secure Web Appliance (affected versions not specified). Description: A vulnerability in Simple Network Management...
CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...