219 matches found
CVE-2019-19030
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
Code injection
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
CVE-2019-19030
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
CVE-2022-44013
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked...
PT-2022-22594 · Unknown · Boodskap IoT Platform
Name of the Vulnerable Software and Affected Versions: Boodskap IoT Platform version 4.4.9-02. Description: The issue allows attackers to make unauthenticated API requests. Recommendations: For Boodskap IoT Platform version 4.4.9-02, consider restricting access to API endpoints to prevent...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
CVE-2022-35136
CVE-2022-35136 affects Boodskap IoT Platform v4.4.9-02. The issue allows attackers to make unauthenticated API requests, with the CVSS 3.1 vector indicating network access, low attack complexity, and a low privileges requirement, but high integrity impact (I:H). Public references identify /api en...
CVE-2020-15345
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetinstancesforupdate API...
CVE-2020-15342
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluser API...
CVE-2020-15345
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zygetinstancesforupdate API...
CVE-2020-15342
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluser API...
CVE-2020-15343
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...
Code injection
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
Denial of service
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
HashiCorp Vault Access Control Error Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise versions 1.7.0 through 1.9.7 and 1.10.4 through 1.11.0, which stems from the exposure of an unauthenticated API endpoint that could be...
CVE-2021-46006
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...
CVE-2021-46006
CVE-2021-46006 affects Totolink A3100R devices (V5.9c.4577). The vulnerability stems from an unauthenticated, API-like function in the fileing/test.asp, which allows an attacker to configure multiple settings without authentication. Documented impact includes exposure to unauthorized configuratio...
Vivoh Webinar Manager Authorization Issue Vulnerability
Vivoh Webinar Manager is a multicast application manager from the Vivoh team. A security vulnerability exists in the API prior to Vivoh Webinar Manager version 3.6.3.0 that stems from incorrect API authentication. When a user logs into the Management Configuration Web Portlet, a VIVOHAUTH cookie ...