243 matches found
CVE-2025-20210
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...
CVE-2025-20210
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...
CVE-2025-20210 Cisco Catalyst Center Unprotected API Endpoint
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...
CVE-2025-20210
CVE-2025-20210 affects Cisco Catalyst Center (formerly Cisco DNA Center) where the management API lacks authentication. An unauthenticated remote attacker could read and modify the outgoing proxy configuration, potentially disrupting internet traffic or intercepting outbound traffic. Connected do...
PT-2025-20275 · Cisco · Cisco Catalyst Center
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Center affected versions not specified Description: A vulnerability in the management API could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This issue is due to the la...
Improper Authorization
github.com/nats-io/nats-server is vulnerable to Improper Authorization. The vulnerability is due to missing access restrictions due to certain JetStream management API requests lacking proper access controls, allowing unauthorized administrative actions across accounts...
GHSA-Q62R-8PPJ-XVF4 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Impact Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. Patches The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. Workarounds Umbraco supports the...
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Impact Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. Patches The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1. Workarounds Umbraco supports the...
CVE-2025-32017
CVE-2025-32017 – Umbraco CMS : A path traversal vulnerability in the management API allows authenticated backoffice users to upload files to unintended locations in Umbraco 14+ installations. Root cause is insufficient validation in the management API, enabling uploads to incorrect paths. Affecte...
CVE-2025-32017 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...
CVE-2025-32017 Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 an...
CVE-2025-0361
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...
CVE-2025-0361
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...
CVE-2025-0361
CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. Affected component is the VAPIX Device Configuration framework (Axis OS context cited ...
PT-2025-15356 · Axis Communications · Vapix Device Configuration Framework
Name of the Vulnerable Software and Affected Versions: Axis Communications VAPIX Device Configuration framework affected versions not specified Description: The issue concerns a flaw in the VAPIX Device Configuration framework, allowing unauthenticated username enumeration. This is achieved throu...
WordPress plugin SMM API 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
MAL-2025-2823 Malicious code in @uniqa/security-code-ms-api (npm)
--- -= Per source details. Do not edit below this line.=-...
Account Enumeration
umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to discrepancies in response codes and the timing of Umbraco management API responses, which allow attackers to infer the existence of specific accounts...
GHSA-HMG4-WWM5-P999 Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes
Impact Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. Patches Patched in 14.3.2 and 15.1.2. Workarounds None available...
CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...