XunRuiCMS Code Issue Vulnerability
XunRuiCMS is a content management system from XunRuiCMS for individual developers. A code issue vulnerability exists in XunRuiCMS version 4.6.4 and prior versions, which stems from a deserialization issue in the thumb parameter of /Control/Api/Api.php...
CVE-2024-42760
SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component...
CVE-2024-21793
An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
The vulnerability of the AlertUtil::validateExpression (/api/v1/events/subscriptions) method of the OpenMetadata metadata management platform allows a perpetrator to execute arbitrary code.
The vulnerability of the AlertUtil::validateExpression /api/v1/events/subscriptions method of the OpenMetadata platform is related to improper handling of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-0580
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3,...
CVE-2024-0510
A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function httppost of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched...
CVE-2023-6757
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The...
CVE-2023-5329
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
SUSE CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
Ruijie Networks RG-EW1200G Access Control Error Vulnerability
Ruijie Networks RG-EW1200G is a wireless router from Ruijie Networks China. An access control error vulnerability exists in Ruijie Networks RG-EW1200G version 1.01B1P5, which originates from an access control error vulnerability in file /api/sys/setpasswd...
CVE-2023-37600
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile...
CVE-2023-38617
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS 4.5.4 and earlier versions, which stems from a problem in the file /?r=email/api/mark&op=delFromSend, where manipulation of the parameter emailids can lead to SQL injection...
8x8 Bounty: connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan
A Blind SSRF vulnerability was discovered in the 8x8 Connect application's ChatApps module, which allowed for internal port scans via the /api/v2/chats/image-check API path and the url JSON parameter. The vulnerability was resolved by retiring the entire API path...
SUSE CVE-2014-9649
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...
PT-2023-15900 · Unknown · Visegripped Stracker
Name of the Vulnerable Software and Affected Versions: visegripped Stracker (affected versions not specified). Description: A critical vulnerability was found in visegripped Stracker. The issue affects the getHistory function of the file doc root/public html/stracker/api.php. The manipulation of the...
CVE-2022-3729
A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to SQL injection. The attack may be initiated remotely. The associated identifier of this...
PT-2022-5341 · Cisco · Cisco Roomos +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint (CE) Software (affected versions not specified); Cisco RoomOS Software (affected versions not specified). Description: The issue is related to incorrect directory path restriction in the xAPI component of the...
Exposure of Resource to Wrong Sphere in Spring Data REST
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...