43 matches found

CVE · added 2026/01/13 1:14 a.m. · 11 views

CVE-2026-0504

CVE-2026-0504 affects SAP Identity Management REST interface. The issue arises from insufficient input handling that allows an authenticated administrator to send crafted REST requests processed by JNDI operations without proper input neutralization. According to multiple sources, this can lead t...

CVSS 3.8 · AI score 6 · EPSS 0.00048
Exploits 0 · References 2

EUVD · added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-2401

Malware in sbrugna...

CVSS 9 · AI score 8.8 · EPSS 0.00225
Exploits 0 · References 3

EUVD · added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-47588

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00239
Exploits 0 · References 1

Veracode · added 2024/09/26 6:24 a.m. · 8 views

Privilege Escalation

Doccano Auto Labeling Pipeline vulnerable to Privilege Escalation. The vulnerability is due to improper validation of REST requests, which allows a remote attacker to escalate privileges via a crafted request...

CVSS 7.2 · AI score 7.1 · EPSS 0.00497
Exploits 0 · References 4 · Affected Software 2

OSV · added 2024/07/18 10:15 a.m. · 1 views

CVE-2024-6504

Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe to the Console's port 443, causing the conso...

CVSS 5.3 · AI score 5.8 · EPSS 0.00239
Exploits 0 · References 1

NVD · added 2024/07/18 10:15 a.m. · 10 views

CVE-2024-6504

Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe to the Console's port 443, causing the conso...

CVSS 5.3 · EPSS 0.00239
Exploits 0 · References 1

Positive Technologies · added 2024/07/18 12:00 a.m. · 1 views

PT-2024-37675 · Rapid7 · Rapid7 Insightvm Console

Name of the Vulnerable Software and Affected Versions: Rapid7 InsightVM Console versions prior to 6.6.261
Description: The issue is related to a protection mechanism failure, where an attacker with network access can cause the console to overload or crash by sending repeated invalid REST requests...

CVSS 5.3 · AI score 7.6 · EPSS 0.00239
Exploits 0 · References 5

CNNVD · added 2023/10/30 12:00 a.m. · 2 views

FlyteAdmin SQL Injection Vulnerability

FlyteAdmin is a control plane for Flyte open source, responsible for managing entities (tasks, workflows, startup plans) and managing workflow execution. A SQL injection vulnerability exists in FlyteAdmin versions prior to 1.1.124, which stems from the presence of a SQL vulnerability that allows a...

CVSS 8.8 · AI score 7.8 · EPSS 0.00327
Exploits 0 · References 4

Github Security Blog · added 2023/10/27 5:39 p.m. · 32 views

Flyte Admin SQL Injection in List Filters

Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters.
Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication.
References...

CVSS 8.8 · AI score 7.4 · EPSS 0.00327
Exploits 0 · References 5 · Affected Software 1

OSV · added 2023/10/27 5:39 p.m. · 16 views

GHSA-R847-6W6H-R8G4 Flyte Admin SQL Injection in List Filters

Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters.
Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication.
References...

CVSS 3.5 · AI score 6.2 · EPSS 0.00327
Exploits 0 · References 5

SUSE CVE · added 2023/02/15 5:47 a.m. · 2 views

SUSE CVE-2012-1987

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream tha...

CVSS 3.5 · AI score 6.9 · EPSS 0.00763
Exploits 0 · References 4

Github Security Blog · added 2022/05/14 12:56 a.m. · 25 views

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers...

CVSS 3.5 · AI score 7 · EPSS 0.00763
Exploits 0 · References 18 · Affected Software 1

OSV · added 2022/05/14 12:56 a.m. · 21 views

GHSA-V58W-6XC2-W799 Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers...

CVSS 3.5 · AI score 6 · EPSS 0.00763
Exploits 0 · References 19

RubySec · added 2022/05/14 12:00 a.m. · 27 views

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers...

CVSS 3.5 · AI score 6.5 · EPSS 0.00763
Exploits 0 · References 1 · Affected Software 1

Veracode · added 2019/01/15 8:59 a.m. · 24 views

Token Leakage

OpenStack Telemetry (ceilometer) is vulnerable to token leakage. It does not escape the authentication token used in REST requests (XAUTHTOKEN), allowing a malicious user with read access to the message queue to gain access to the token and to escalate privileges...

CVSS 5 · AI score 6.5 · EPSS 0.0075
Exploits 0 · References 12 · Affected Software 1

Packet Storm · added 2019/01/08 12:00 a.m. · 33 views

WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery

Details
Software: MapSVG Lite
Version: 3.2.3
Homepage: https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/
Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/
CVE: Awaiting assignment
CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N
Descripti...

AI score 7.4
Exploits 0

NVD · added 2018/01/31 2:29 p.m. · 10 views

CVE-2017-16858

The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

CVSS 6.8 · AI score 6.5 · EPSS 0.00128
Exploits 0 · References 1

Prion · added 2018/01/31 2:29 p.m. · 11 views

Design/Logic Flaw

The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

CVSS 4.9 · AI score 6.5 · EPSS 0.00128
Exploits 0 · References 1 · Affected Software 1

CVE · added 2018/01/31 2:00 p.m. · 52 views

CVE-2017-16858

The CVE-2017-16858 issue affects Atlassian Crowd's crowd-application plugin (used by Google Apps) where versions 1.5.0–3.1.1 allow impersonation of a Crowd user in REST requests by authenticating to a directory bound to an application. In the described scenario, if Crowd is bound to directory 1 w...

CVSS 6.8 · AI score 6.5 · EPSS 0.00128
Exploits 0 · References 1 · Affected Software 1

NVD · added 2017/02/20 3:59 p.m. · 15 views

CVE-2016-6249

In F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1, REST requests which time out during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...

CVSS 5.3 · AI score 5.2 · EPSS 0.00063
Exploits 0 · References 2