243 matches found
CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...
CVE-2025-24011
Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...
Umbraco 信息泄露漏洞
Umbraco is an open source content management system CMS written in C from Umbraco, Denmark. An information disclosure vulnerability exists in Umbraco version 14.0.0 and earlier, which stems from the ability to determine the existence of an account based on an analysis of the response code and the...
CVE-2023-29117
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...
CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...
GHSA-78WR-2P64-HPWJ vulnerabilities
Vulnerabilities for packages: kafka, hadoop-client-modules, confluent-kafka, kserve, kserve-modelmesh, sonarqube, py3.10-vllm-cuda-11.8, confluent-kafka-jre-bcfips, apache-nifi, opensearch, zookeeper-fips, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0,...
CVE-2024-47554 vulnerabilities
Vulnerabilities for packages: kafka, hadoop-client-modules, confluent-kafka, kserve, kserve-modelmesh, sonarqube, py3.10-vllm-cuda-11.8, confluent-kafka-jre-bcfips, apache-nifi, opensearch, zookeeper-fips, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0,...
CVE-2024-46999
CVE-2024-46999 : Zitadel’s user grants deactivation did not work, allowing deactivated grants to remain in tokens and potentially grant access to apps/resources. The issue affected multiple older releases; management/auth API could return an active state or lack state information. Affected versio...
Information Disclosure
umbraco.cms is vulnerable Information Disclosure. The vulnerability is due to improper handling of error responses in the Management API, which causes stack trace information to be returned even when Umbraco is not in debug mode. It allows an attacker to gain access to internal details of the...
Generation of Error Message Containing Sensitive Information
Overview Umbraco.Cms.Web.Common is a package containing the web assembly needed to run Umbraco CMS. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. An attacker can obtain stack trace information that may include sensitive data by...
Generation of Error Message Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. An attacker can obtain stack trace information that may include sensitive data by sending crafted requests to the Management API endpoints. Remediation Upgrade...
CVE-2024-43376
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
CVE-2024-43376
CVE-2024-43376 affects Umbraco CMS (ASP.NET). The vulnerability exists in the Management API where certain endpoints can return stack trace information even when Umbraco is not in debug mode. This could expose internal details. The issue is addressed in version 14.1.2 of Umbraco, with remediation...
CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
PT-2024-30539 · Umbraco · Umbraco Cms
Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 14.1.2 Description: The issue allows an authenticated user to access a few unintended endpoints. This is because a few endpoints in the Umbraco Management API were not properly protected, requiring only...
CVE-2024-29954
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
PT-2024-23168 · Brocade · Brocade Fabric Os
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.1 Brocade Fabric OS versions prior to 9.2.0b Brocade Fabric OS versions prior to 9.1.1d Brocade Fabric OS versions prior to 8.2.3e Description: A vulnerability in the password management API prints...
GHSA-V2XM-76PQ-PHCF vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...