Lucene search

243 matches found

OSV
added 2025/05/07 6:15 p.m. · 3 views

CVE-2025-20210

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...

CVSS 7.3 · AI score 5.8 · EPSS 0.00348
Exploits 0 · References 1

NVD
added 2025/05/07 6:15 p.m. · 18 views

CVE-2025-20210

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...

CVSS 7.3 · EPSS 0.00348
Exploits 0 · References 1

Vulnrichment
added 2025/05/07 5:16 p.m. · 13 views

CVE-2025-20210 Cisco Catalyst Center Unprotected API Endpoint

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...

CVSS 7.3 · AI score 7.2 · EPSS 0.00348
Exploits 0 · References 1

CVE
added 2025/05/07 5:16 p.m. · 77 views

CVE-2025-20210

CVE-2025-20210 affects Cisco Catalyst Center (formerly Cisco DNA Center) where the management API lacks authentication. An unauthenticated remote attacker could read and modify the outgoing proxy configuration, potentially disrupting internet traffic or intercepting outbound traffic. Connected do...

CVSS 7.3 · AI score 7.2 · EPSS 0.00348
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/07 12:0 a.m. · 6 views

PT-2025-20275 · Cisco · Cisco Catalyst Center

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Center (affected versions not specified)
Description: A vulnerability in the management API could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This issue is due to the la...

CVSS 7.3 · AI score 6.4 · EPSS 0.00348
Exploits 0 · References 7

Veracode
added 2025/04/23 2:4 p.m. · 8 views

Improper Authorization

github.com/nats-io/nats-server is vulnerable to Improper Authorization. Certain JetStream management API requests lack proper access controls, allowing unauthorized administrative actions across accounts...

CVSS 9.6 · AI score 6.5 · EPSS 0.00529
Exploits 0 · References 7 · Affected Software 2

OSV
added 2025/04/09 12:49 p.m. · 10 views

GHSA-Q62R-8PPJ-XVF4 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

Impact: Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. Patches: The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. Workarounds: Umbraco supports the...

CVSS 8.8 · AI score 6.8 · EPSS 0.00542
Exploits 0 · References 5

GitHub Security Blog
added 2025/04/09 12:49 p.m. · 24 views

Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

Impact: Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. Patches: The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. Workarounds: Umbraco supports the...

CVSS 8.8 · AI score 6.8 · EPSS 0.00542
Exploits 0 · References 5 · Affected Software 1

CVE
added 2025/04/08 3:37 p.m. · 182 views

CVE-2025-32017

CVE-2025-32017 – Umbraco CMS: A path traversal vulnerability in the management API allows authenticated backoffice users to upload files to unintended locations in Umbraco 14+ installations. Root cause is insufficient validation in the management API, enabling uploads to incorrect paths. Affecte...

CVSS 8.8 · AI score 7.1 · EPSS 0.00542
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2025/04/08 3:37 p.m. · 25 views

CVE-2025-32017 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...

CVSS 8.8 · EPSS 0.00542
Exploits 0 · References 3

Vulnrichment
added 2025/04/08 3:37 p.m. · 15 views

CVE-2025-32017 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...

CVSS 8.8 · AI score 7.1 · EPSS 0.00542
Exploits 0 · References 3

NVD
added 2025/04/08 6:15 a.m. · 9 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVSS 5.3 · EPSS 0.00283
Exploits 0 · References 1

Cvelist
added 2025/04/08 5:38 a.m. · 27 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVSS 4.3 · EPSS 0.00283
Exploits 0 · References 1

CVE
added 2025/04/08 5:38 a.m. · 88 views

CVE-2025-0361

CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. Affected component is the VAPIX Device Configuration framework (Axis OS context cited ...

CVSS 5.3 · AI score 7.2 · EPSS 0.00283
Exploits 0 · References 1 · Affected Software 2

Positive Technologies
added 2025/04/08 12:0 a.m. · 7 views

PT-2025-15356 · Axis Communications · Vapix Device Configuration Framework

Name of the Vulnerable Software and Affected Versions: Axis Communications VAPIX Device Configuration framework (affected versions not specified)
Description: The issue concerns a flaw in the VAPIX Device Configuration framework, allowing unauthenticated username enumeration. This is achieved throu...

CVSS 4.3 · AI score 6.3 · EPSS 0.00283
Exploits 0 · References 6

CNNVD
added 2025/04/01 12:0 a.m. · 5 views

WordPress plugin SMM API cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

CVSS 6.5 · AI score 6.6 · EPSS 0.00235
Exploits 0 · References 2

OSV
added 2025/03/28 12:34 p.m. · 8 views

MAL-2025-2823 Malicious code in @uniqa/security-code-ms-api (npm)


AI score 7.1
Exploits 0

Veracode
added 2025/01/27 3:8 a.m. · 15 views

Account Enumeration

umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to discrepancies in response codes and the timing of Umbraco management API responses, which allow attackers to infer the existence of specific accounts...

CVSS 5.3 · AI score 6.6 · EPSS 0.01451
Exploits 1 · References 5 · Affected Software 1

OSV
added 2025/01/21 9:21 p.m. · 16 views

GHSA-HMG4-WWM5-P999 Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

Impact: Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. Patches: Patched in 14.3.2 and 15.1.2. Workarounds: None available...

CVSS 5.3 · AI score 5.1 · EPSS 0.01451
Exploits 1 · References 5

Cvelist
added 2025/01/21 3:27 p.m. · 31 views

CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...

CVSS 5.3 · EPSS 0.01451
Exploits 1 · References 3