
15 matches found

Positive Technologies
added 2026/05/15 12:0 a.m. · 8 views

PT-2026-41370

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's admin id. This can...

CVSS 8.1 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 2
RedhatCVE
added 2026/01/09 9:57 a.m. · 9 views

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

CVSS 8.8 · AI score 6.6 · EPSS 0.00207
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-28155

Malware in sbrugna...

CVSS 8.8 · AI score 8.5 · EPSS 0.00207
Exploits 0 · References 2
NVD
added 2025/04/18 6:15 p.m. · 18 views

CVE-2025-29513

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

CVSS 6.1 · EPSS 0.04549
Exploits 0 · References 2
Github Security Blog
added 2024/08/05 9:29 p.m. · 22 views

Owncast Path Traversal vulnerability

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The...

CVSS 6.5 · AI score 6.7 · EPSS 0.00126
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2024/04/19 6:59 p.m. · 21 views

CVE-2024-31450 Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277)

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The...

CVSS 2.7 · AI score 4 · EPSS 0.00126
Exploits 1 · References 4
OSV
added 2022/07/06 10:15 a.m. · 2 views

CVE-2021-46687

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versio...

CVSS 4.9 · AI score 5.8 · EPSS 0.0025
Exploits 0 · References 2
Positive Technologies
added 2022/07/06 12:0 a.m. · 1 views

PT-2022-12902 · Jfrog · Jfrog Artifactory

Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.31.10 JFrog Artifactory versions prior to 6.23.38 Description: The issue affects JFrog Artifactory, where sensitive data exposure can occur through the Project Administrator REST API. Recommendations: For...

CVSS 6.8 · AI score 5.1 · EPSS 0.0025
Exploits 0 · References 7
CNNVD
added 2022/06/28 12:0 a.m. · 2 views

Marval MSM Security Vulnerability

Marval MSM is an innovative IT Service Management software from Marval UK. A security vulnerability exists in Marval MSM version v14.19.0.12476, which stems from an Insecure Direct Object Reference (IDOR) vulnerability that allows even a low-privileged user to view other users' API keys, including...

CVSS 8.8 · AI score 7.9 · EPSS 0.00317
Exploits 0 · References 4
NVD
added 2021/06/29 9:15 p.m. · 17 views

CVE-2021-35941

Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...

CVSS 7.5 · EPSS 0.00601
Exploits 1 · References 2
CNNVD
added 2021/06/29 12:0 a.m. · 3 views

Western Digital WD My Book Live Access Control Error Vulnerability

Western Digital WD My Book Live is a network storage device from Western Digital. A security vulnerability exists in Western Digital WD My Book Live 2.x and earlier versions and WD My Book Live Duo, which stems from the fact that the products have an administrator API that can be exploited by an...

CVSS 7.5 · AI score 5.6 · EPSS 0.00601
Exploits 1 · References 4
NVD
added 2020/08/18 5:15 p.m. · 15 views

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

CVSS 8.8 · AI score 8.5 · EPSS 0.00207
Exploits 0 · References 1
UbuntuCve
added 2020/08/18 5:15 p.m. · 26 views

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

CVSS 8.8 · AI score 7.2 · EPSS 0.00207
Exploits 0 · References 1
Prion
added 2020/08/18 5:15 p.m. · 18 views

Default credentials

Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

CVSS 4 · AI score 8.4 · EPSS 0.00207
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/08/18 4:40 p.m. · 19 views

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

AI score 8.5 · EPSS 0.00207
Exploits 0 · References 1