5 matches found
CVE-2025-63291
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...
CVE-2025-63291
Summary: CVE-2025-63291 affects Alteryx Server versions 2022.1.1.42654 and 2024.1. Issue: When processing API requests, the server uses MongoDB object IDs to identify data but does not verify that the authenticated user has permission to access the specified object ID, enabling access to records ...
CVE-2025-44823
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...
CVE-2025-44823
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...
PT-2025-41174
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1.3.2 Description Nagios Log Server before version 2024R1.3.2 contains a flaw that allows authenticated users to retrieve cleartext administrative API keys. This is achieved by making a call to the...