1431 matches found
VulnCheck KEV: CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
Vulnerability fixed in Cisco Smart Software Manager On-Prem
Cisco has fixed a vulnerability in Cisco SSM On-Prem (formerly known as Cisco Smart Software Manager Satellite, SSM Satellite). The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-27784
Multiple exposure of sensitive information to an unauthorized actor weaknesses (CWE-200) in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...
PT-2024-5557
Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0. Description: The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a...
Fortinet FortiAIOps Log Information Disclosure Vulnerability
Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML). A log information disclosure vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from an application that does not adequately protect sensitive...
PT-2024-27446
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that hav...
Malicious code in Chronos.Platform.Linux.API (NuGet)
Malicious code in Be.Vlaanderen.Basisregisters.PublicServicеRegistry.Aрi.Backoffice (NuGet)
Malicious code in Be.Vlaanderen.Basisregistеrs.PаrсеlRegistry.Api.Legacy (NuGet)
Malicious code in Be.Vlaanderеn.Basisregіsters.RoaԁRegistry.BackOffiсe.Api (NuGet)
CraftCMS Security Vulnerability
CraftCMS is a content management system from CraftCMS, Inc. A security vulnerability exists in CraftCMS version v3.7.31 and earlier versions. An attacker exploited the vulnerability to perform a SQL injection attack via a GraphQL API endpoint...
CVE-2024-24554
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...
Bludit Security Breach
Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit that stems from the use of predictable methods combined with the MD5 hash algorithm to generate sensitive tokens that allow an attacker to authenticate against the Bludit API...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs (Application Programming Interfaces) may send HTTP requests to the multifunction device without...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs (Application Programming Interfaces) may send HTTP requests to the multifunction device without...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from an internal program within the multifunction device where certain APIs do not check for filename input, allowing arbitrary files t...
Dell Secure Connect Gateway Access Control Error Vulnerability
Dell Secure Connect Gateway is a secure connectivity gateway from Dell, USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internally maintained REST API that could be exploited by a remote...
CVE-2024-28022
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability
Broken Access Control on API vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Master Addons for Elementor (versions <= 2.0.5.4.1)...