aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. The aEnrich a+HRD has a security vulnerability that allows an unauthenticated, remote attacker to control the system or disrupt services by uploading and executing malicious scripts using API functions...

CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

PT-2022-10154 · Unknown · Mdt Autosave

Name of the Vulnerable Software and Affected Versions: MDT AutoSave versions prior to v6.02.06 Description: An issue exists where an attacker could leverage an API to pass a malicious file, manipulating the process creation command line and potentially running a command line argument. This could...

CVE-2022-27851

Cross-Site Request Forgery CSRF in Use Any Font WordPress plugin = 6.1.7 allows an attacker to deactivate the API key...

CVE-2022-27919

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

PT-2022-16851 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.8.2 Description: The issue is a result of improper API route checking, allowing modification of customers and creation of orders without App Permission. This affects Shopware, an open commerce platform based on...

PT-2022-1785 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and web-based management interfaces of the affected devices...

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

Aruba AOS-CX 跨站脚本漏洞

Aruba AOS-CX is a modern programmable network from Aruba, USA. The Aruba OS AOS-CX suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping of user-submitted parameters in the software. An attacker can trigger cross-site scripting in AOS-CX via the...

Portainer 代码问题漏洞

A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...

CVE-2022-23858

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...

CVE-2021-37867

Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure...

Jimoty 信任管理问题漏洞

Jimoty is a Web site of Jimoty Japan, Inc. It is used to provide help, information dissemination and other services to local people. Jimoty App for Android is vulnerable to a trust management issue, which exists due to hard-coded credentials in the application code. A local attacker could exploit...

CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API...

NumPy 安全漏洞

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...

Cvxopt 安全漏洞

Cvxopt is a freeware package for convex optimization based on the Python programming language. cvxopt A security vulnerability exists in cvxop 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...

An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification

...

GHSA-GFHX-JJWQ-63GV Cross-site Scripting in Apereo CAS

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...