Lucene search
K

171 matches found

CVE
CVE
added 2024/06/14 3:40 a.m.85 views

CVE-2024-27163

CVE-2024-27163 affects Toshiba printers (notably MFPs/e-Studio). It exposes admin passwords (and additional passwords) in clear-text when two specific HTTP requests are sent to the internal API; an attacker who can steal an admin cookie or exploit XSS can recover these passwords and compromise th...

6.5CVSS6.9AI score0.0042EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.4 views

PT-2024-22652 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...

4.3CVSS7.3AI score0.00424EPSS
Exploits0References3
OSV
OSV
added 2024/03/22 12:19 a.m.10 views

MGASA-2024-0079 Updated libuv packages fix security vulnerability

It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...

7.3CVSS7.1AI score0.02003EPSS
Exploits1References5
Hacker One
Hacker One
added 2024/03/21 6:47 p.m.85 views

Internet Bug Bounty: Libuv: Improper Domain Lookup that potentially leads to SSRF attacks

The vulnerability in the libuv library was caused by the improper truncation of hostnames to 256 characters before calling the getaddrinfo function. This behavior allowed the creation of addresses like 0x00007f000001, which were considered valid by getaddrinfo, potentially leading to SSRF attacks...

7.3CVSS7.4AI score0.02003EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/01/08 9:4 a.m.2 views

CVE-2023-29051

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...

8.1CVSS8AI score0.00546EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/07/21 10:41 p.m.4 views

Malicious code in @mendeley-internal/api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bf5f20cb296d38e4859cdddfe26a5243135d149cd3f20f393a7a088c159110c Withdrawn Advisory This advisory has been withdrawn because it was generated erroneously. This link is maintained to preserve external references. Origin...

7AI score
Exploits0References1
Wallarm Lab
Wallarm Lab
added 2023/06/01 6:52 p.m.52 views

Private APIs at Risk: Q1-2023 API ThreatStats™ Report

According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big blind spot in your API security...

7.5CVSS7.4AI score0.15729EPSS
Exploits0
NVD
NVD
added 2023/03/31 11:15 p.m.33 views

CVE-2023-28645

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

6.5CVSS5.9AI score0.00745EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/31 10:8 p.m.8 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

5.7CVSS6.4AI score0.00745EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2023/03/31 9:24 a.m.67 views

Secure view can be bypassed by using internal API endpoint

None...

6.5CVSS6.3AI score0.00745EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/23 5:15 p.m.4 views

CVE-2023-20059

A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...

6.5CVSS6.7AI score0.00407EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/03/22 4:0 p.m.4 views

CVE-2023-20059

A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...

6.5CVSS6.7AI score0.00407EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2022/12/13 12:0 a.m.46 views

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

8.8CVSS7.2AI score0.05942EPSS
In wildExploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/12/13 12:0 a.m.66 views

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

10CVSS7.2AI score0.04279EPSS
In wildExploits0
VulnCheck KEV
VulnCheck KEV
added 2022/10/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-26500

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

8.8CVSS7.5AI score0.05942EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2022/10/24 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-26501

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

10CVSS7.5AI score0.04279EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.2 views

Open-Xchange OX App Suite 安全特征问题漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security feature issue vulnerability exists in Open-Xchange OX App Suite versions prior to 7.10.6 that stems from a conflict that can change the parameters of an API request between OX App...

6.5CVSS6.6AI score0.00855EPSS
Exploits1References5
Hacker One
Hacker One
added 2022/07/06 2:2 p.m.9 views

U.S. Dept Of Defense: Unauthenticated access to internal API at██████████.███.edu [HtUS]

There was unauthenticated access to internal API at██████████.███.edu. Multiple API calls allowed an attacker to gain access to the internal API via the Azure API url appg3entcalapi.azurewebsites.net. The access to█████.██████.edu was only supposed to be available to internal users...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:16 p.m.4 views

Malicious code in @igdb/internal-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ec79cfda0dc3373cf41672610a4ab803332e33b369873a2d18a0932ba8b807d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:16 p.m.8 views

MAL-2022-348 Malicious code in @igdb/internal-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ec79cfda0dc3373cf41672610a4ab803332e33b369873a2d18a0932ba8b807d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder