Lucene search

1388 matches found

VulnCheck KEV
added 2024/01/22 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

CVSS 6.1 · AI score 6.4 · EPSS 0.48889
Exploits 0 · References 1

CNNVD
added 2024/01/18 12:00 a.m. · 1 view

QSIGE Security Vulnerabilities

QSIGE is an intelligent queue management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from a missing authorization check on a key function, allowing an attacker to extract sensitive information from the API...

CVSS 7.5 · AI score 6.5 · EPSS 0.00106
Exploits 0 · References 2

CNNVD
added 2024/01/03 12:00 a.m. · 1 view

Plotly.js Security Vulnerability

Plotly.js is an independent open source JavaScript data visualization library from Plotly. Plotly.js versions before 2.25.2 have a security vulnerability that stems from a prototype pollution problem in an API call...

CVSS 9.8 · AI score 6.9 · EPSS 0.00201
Exploits 0 · References 4

Positive Technologies
added 2023/12/23 12:00 a.m. · 3 views

PT-2023-32722 · WordPress · Essential Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks WordPress plugin versions prior to 4.4.3. Description: The issue allows unauthenticated attackers to overwrite local variables when rendering templates over the REST API, potentially leading to Local File Inclusion attacks...

CVSS 9.8 · AI score 9.2 · EPSS 0.88125
Exploits 2 · References 9

Positive Technologies
added 2023/12/22 12:00 a.m. · 5 views

PT-2023-9808

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions 8.2.2 and earlier. Description: The issue is related to insufficient safeguards against malicious API response values in Proxmox Virtual Environment, allowing authenticated attackers with 'Sys.Audit' or...

CVSS 8.2 · AI score 5.5 · EPSS 0.00134
Exploits 1 · References 20

CNNVD
added 2023/12/22 12:00 a.m. · 1 view

Nextcloud Access Control Error Vulnerability

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany). An access control error vulnerability exists in Nextcloud Server, which stems from the ability to delete and modify workflows by bypassing calls sent direct...

CVSS 5.4 · AI score 6.8 · EPSS 0.00199
Exploits 0 · References 4

OSV
added 2023/12/21 10:15 p.m. · 0 views

CVE-2023-27319

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 1

CNNVD
added 2023/12/19 12:00 a.m. · 2 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 121, which stems from a lack of exception handling in TypedArray, leading to abuse of other APIs...

CVSS 8.8 · AI score 6.5 · EPSS 0.01124
Exploits 0 · References 9

CNNVD
added 2023/12/15 12:00 a.m. · 1 view

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab that stems from the fact that under...

CVSS 4.3 · AI score 7 · EPSS 0.00023
Exploits 0 · References 3

Positive Technologies
added 2023/12/14 12:00 a.m. · 3 views

PT-2023-32783 · Microweber · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0. Description: A vulnerability has been identified in microweber where users can exploit business logic errors to obtain items at a lower price. This occurs when the admin disables the use of the coup...

CVSS 6 · AI score 5 · EPSS 0.00142
Exploits 1 · References 10

CNNVD
added 2023/12/14 12:00 a.m. · 1 view

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

CVSS 5.9 · AI score 7 · EPSS 0.00022
Exploits 0 · References 3

OSV
added 2023/12/13 3:15 p.m. · 1 view

CVE-2023-6758

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit...

CVSS 4.3 · AI score 5.4 · EPSS 0.00118
Exploits 1 · References 3

CNNVD
added 2023/12/13 12:00 a.m. · 1 view

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a command injection vulnerability that stems from a failure to properly filter special characters, commands and other elements used to construct commands in the XML API. An attacker cou...

CVSS 6.3 · AI score 7.8 · EPSS 0.002
Exploits 0 · References 3

CNNVD
added 2023/12/13 12:00 a.m. · 2 views

IceCMS Information Disclosure Vulnerability

IceCMS is a content management system from the individual developer NgShow, built on Spring Boot with a Vue front end and a separated back end. An information disclosure vulnerability exists in IceCMS version 2.0.1, which stems from an unknown function in /adplanet/PlanetUser in the API...

CVSS 6.5 · AI score 6.5 · EPSS 0.0026
Exploits 1 · References 4

ATTACKERKB
added 2023/12/12 1:15 a.m. · 0 views

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

CVSS 7.5 · AI score 7.3 · EPSS 0.00073
Exploits 1 · References 2

CNNVD
added 2023/12/12 12:00 a.m. · 1 view

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from SQL injection in a user-search REST API endpoint...

CVSS 4.3 · AI score 7.9 · EPSS 0.00052
Exploits 1 · References 2

OSV
added 2023/12/06 9:15 a.m. · 1 view

CVE-2023-49241

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2

CNNVD
added 2023/11/21 12:00 a.m. · 1 view

AXIS OS Path Traversal Vulnerability

AXIS OS is an edge device operating system from Axis (Sweden). AXIS OS suffers from a security vulnerability that stems from the VAPIX API irissetup.cgi being susceptible to a path traversal attack that allows file deletion...

CVSS 7.1 · AI score 6.8 · EPSS 0.00165
Exploits 0 · References 2

CNNVD
added 2023/11/16 12:00 a.m. · 1 view

Zulip Security Vulnerability

Zulip is a powerful open source group chat application from Zulip, Inc. that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.5 that stems from the fact that an active user who previously subscrib...

CVSS 4.3 · AI score 6.6 · EPSS 0.00382
Exploits 0 · References 3

OSV
added 2023/11/14 6:15 p.m. · 0 views

CVE-2023-36553

An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows an attacker to...

CVSS 9.8 · AI score 5.9 · EPSS 0.02727
Exploits 0 · References 1