241 matches found

Positive Technologies
added 2025/07/23 12:0 a.m. · 2 views

PT-2025-30552 · U-Link · U-Link

Name of the Vulnerable Software and Affected Versions: Cisco u-link (affected versions not specified)
Description: An unauthenticated remote attacker may exploit a stack-based buffer overflow in the u-link Management API to gain full access to affected devices.
Recommendations: At the moment, there...

CVSS 9.8 · AI score 6.9 · EPSS 0.00634
Exploits: 0 · References: 6

OSV
added 2025/07/21 3:15 p.m. · 3 views

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...

CVSS 8.8 · AI score 5.8 · EPSS 0.00456
Exploits: 1 · References: 2

CVE
added 2025/07/21 12:0 a.m. · 25 views

CVE-2025-46116

CVE-2025-46116 affects CommScope Ruckus Unleashed (versions prior to 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (prior to 10.5.1.0.279). An authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call, then invoke it to es...

CVSS 8.8 · AI score 6.6 · EPSS 0.00456
Exploits: 1 · References: 2 · Affected Software: 2

Vulnrichment
added 2025/07/21 12:0 a.m. · 4 views

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...

AI score 7.1 · EPSS 0.00456
Exploits: 1 · References: 2

Cvelist
added 2025/07/21 12:0 a.m. · 9 views

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...

EPSS 0.00456
Exploits: 1 · References: 2

RedhatCVE
added 2025/07/17 7:55 p.m. · 4 views

CVE-2025-49828

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...

CVSS 8.8 · AI score 8.5 · EPSS 0.01972
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/04 8:27 p.m. · 16 views

CVE-2025-34076

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

CVSS 7.2 · AI score 6.1 · EPSS 0.01315
Exploits: 2 · References: 1

OSV
added 2025/07/02 9:32 p.m. · 6 views

GHSA-J64V-XH5W-8HQJ Microweber CMS API has authenticated local file inclusion vulnerability

An authenticated local file inclusion vulnerability exists in Microweber CMS versions 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifyi...

CVSS 6.1 · AI score 5.8 · EPSS 0.01315
Exploits: 2 · References: 7

OSV
added 2025/07/02 8:15 p.m. · 3 views

CVE-2025-34076

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

CVSS 7.2 · AI score 5.9
Exploits: 0 · References: 6

NVD
added 2025/07/02 8:15 p.m. · 4 views

CVE-2025-34076

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

CVSS 7.2 · EPSS 0.01315
Exploits: 2 · References: 6

Cvelist
added 2025/07/02 7:27 p.m. · 6 views

CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

CVSS 6.1 · EPSS 0.01315
Exploits: 2 · References: 6

Vulnrichment
added 2025/07/02 7:27 p.m. · 2 views

CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

CVSS 6.1 · AI score 6.8 · EPSS 0.01315
Exploits: 2 · References: 6

Positive Technologies
added 2025/07/02 12:0 a.m. · 2 views

PT-2025-27668 · Unknown · Microweber Cms

Name of the Vulnerable Software and Affected Versions: Microweber CMS versions = 1.2.11
Description: An authenticated local file inclusion issue exists due to the misuse of the backup management API. Authenticated users can exploit the /api/BackupV2/upload and /api/BackupV2/download endpoints to...

CVSS 7.2 · AI score 6 · EPSS 0.01315
Exploits: 2 · References: 12

CNNVD
added 2025/06/17 12:0 a.m. · 4 views

Sitecore Experience Platform and Sitecore Experience Manager trust management issue vulnerability

Sitecore Experience Platform XP and Sitecore Experience Manager XM are both products of Sitecore, Denmark. Sitecore Experience Platform is a suite of customer digital experience platforms. Sitecore Experience Platform is a customer digital experience platform and Sitecore Experience Manage...

CVSS 7.5 · AI score 9.5 · EPSS 0.38428
Exploits: 6 · References: 3

RedhatCVE
added 2025/06/05 3:26 p.m. · 10 views

CVE-2025-46548

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...

CVSS 6.5 · AI score 6.6 · EPSS 0.00655
Exploits: 1 · References: 1

Vulnrichment
added 2025/06/03 2:45 p.m. · 5 views

CVE-2025-46548 Apache Pekko Management, Akka Management: management API basic authentication is not effective

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...

AI score 6.6 · EPSS 0.00655
Exploits: 1 · References: 3

RedhatCVE
added 2025/05/23 11:38 a.m. · 10 views

CVE-2025-24011

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...

CVSS 5.3 · AI score 6.7 · EPSS 0.01391
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 10:49 a.m. · 11 views

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

CVSS 5.3 · AI score 6.7 · EPSS 0.00363
Exploits: 0

OSV
added 2025/05/07 6:15 p.m. · 2 views

CVE-2025-20210

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...

CVSS 7.3 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2025/05/07 6:15 p.m. · 16 views

CVE-2025-20210

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...

CVSS 7.3 · EPSS 0.00331
Exploits: 0 · References: 1