CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...
PT-2026-21996
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 18.9.1 Description A flaw exists in GitLab CE/EE that, under specific conditions, could allow an unauthenticated user to disrupt service by sending crafted requests to a CI jobs API endpoint. The issue involves...
CVE-2024-39864
The CloudStack integration API service allows running its unauthenticated API server usually on port 8096 when configured and enabled via integration.api.port global setting for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is...
GitLab 8.14 < 18.0.6 / 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-1477)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a deni...
UBUNTU-CVE-2025-1477
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...
CVE-2024-39864
The CVE-2024-39864 issue affects Apache CloudStack's Integration API service. When integration.api.port is set to 0 (default), an improper initialisation causes the unauthenticated integration API server to listen on a random port. An attacker with access to the CloudStack management network coul...
CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled
The CloudStack integration API service allows running its unauthenticated API server usually on port 8096 when configured and enabled via integration.api.port global setting for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is...
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
Design/Logic Flaw
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
Malicious code in belvo-integration-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac824b7c99a8a91cbe9763de97d360c8def2db872f6067120575f5672bf27ee2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1495 Malicious code in belvo-integration-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac824b7c99a8a91cbe9763de97d360c8def2db872f6067120575f5672bf27ee2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2017-0925
GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password...
CVE-2016-1373
The gadgets-integration API in Cisco Finesse 8.51 through 8.55, 8.61, 9.01, 9.02, 9.11, 9.11SU1, 9.11SU1.1, 9.11ES1 through 9.11ES5, 10.01, 10.01SU1, 10.01SU1.1, 10.51, 10.51ES1 through 10.51ES4, 10.51SU1, 10.51SU1.1, 10.51SU1.7, 10.61, 10.61SU1, 10.61SU2, and 11.01 allows remote attackers to...
xMatters Alarmpoint BoF-0day
Exploit for linux platform in category remote exploits Information -------------------- Name : Heap Buffer Overflow in xMatters AlarmPoint APClient Version: APClient 3.2.0 native Software : xMatters AlarmPoint Vendor Homepage : http://www.xmatters.com Vulnerability Type : Heap Buffer Overflow Md5...