4947 matches found
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302 Stop User Enumeration < 1.7.3 - Protection Bypass
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
PT-2025-29904
Name of the Vulnerable Software and Affected Versions Stop User Enumeration WordPress plugin versions prior to 1.7.3 Description The Stop User Enumeration WordPress plugin blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. This protection can be bypassed by URL-encoding the...
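The three entries above describe the same failure mode: a REST blocklist that compares the raw, still-encoded request path against `/wp-json/wp/v2/users/`, so `%75sers` slips past it. The block below is an added example, not code from the Stop User Enumeration plugin, written in Python to show the broken comparison beside one that canonicalizes the route before deciding. The probe URLs are constructed; the `?rest_route=` form is the alternative routing WordPress itself accepts and is included so the check covers both ways of reaching the same route.

```python
"""Added example: a raw-path REST blocklist and a normalizing replacement."""
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

BLOCKED_ROUTE = "/wp/v2/users"  # the users collection route under /wp-json


def naive_is_blocked(raw_url: str) -> bool:
    """The broken pattern: compare the literal, still-encoded request path."""
    return urlsplit(raw_url).path.startswith("/wp-json" + BLOCKED_ROUTE)


def percent_decode(value: str, rounds: int = 4) -> str:
    """Decode until the string stops changing, so %2575 (double-encoded 'u') resolves too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def canonical_path(path: str) -> str:
    """Percent-decode, then collapse empty, '.' and '..' segments."""
    segments = []
    for seg in percent_decode(path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def rest_route(raw_url: str) -> Optional[str]:
    """Route the request resolves to, via /wp-json/<route> or the ?rest_route=<route> form."""
    parts = urlsplit(raw_url)
    route = None
    path = canonical_path(parts.path)
    if path == "/wp-json" or path.startswith("/wp-json/"):
        route = path[len("/wp-json"):] or "/"
    query = parse_qs(parts.query)  # decodes each value once; canonical_path decodes again
    if "rest_route" in query:
        route = canonical_path(query["rest_route"][0])
    return route


def hardened_is_blocked(raw_url: str, authenticated: bool = False) -> bool:
    """Deny the users route (and anything under it) to anonymous requests, after normalization."""
    if authenticated:
        return False
    route = rest_route(raw_url)
    if route is None:
        return False
    return route == BLOCKED_ROUTE or route.startswith(BLOCKED_ROUTE + "/")


# Constructed request URLs: the plain form, the encoded form the advisory
# describes, a double-encoded form and the query-string routing form.
PROBES = [
    "/wp-json/wp/v2/users/",
    "/wp-json/wp/v2/%75sers/",
    "/wp-json/wp/v2/%2575sers/",
    "/index.php?rest_route=%2Fwp%2Fv2%2Fusers",
]
```

Only the first probe trips `naive_is_blocked`; all four trip `hardened_is_blocked`. The practical lesson is that a deny rule on a path must run on the same canonical form the router uses, or the router and the filter will disagree on what was requested.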
CVE-2025-20272
CVE-2025-20272: Affects a subset of REST APIs in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). An authenticated, low-privilege remote attacker could exploit insufficient input validation to perform a blind SQL injection, potentially viewing data from database ...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 - F5 BIG-IP iControl REST Authentication Bypass...
WordPress Sharable Password Protected Posts Information Disclosure Vulnerability
Sharable Password Protected Posts is a plugin for WordPress, the content management system maintained by the WordPress Foundation. An information disclosure vulnerability exists in the plugin, which stems from the REST API exposing a key that can be exploited by an...
CVE-2025-34101 Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component on its default port 23423. The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to...
Exploit for CVE-2024-25600
Bricks Builder RCE Exploit CVE-2024-25600 This project cont...
PT-2025-28896 · Ibm · Ibm Openpages
Name of the Vulnerable Software and Affected Versions: IBM OpenPages version 9.0 Description: IBM OpenPages 9.0 is susceptible to the disclosure of sensitive information. This is due to insufficient security measures implemented for specific REST API endpoints associated with the workflow...
CVE-2025-5920
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...
CVE-2025-5920
CVE-2025-5920 affects the WordPress plugin Sharable Password Protected Posts (versions
CVE-2025-5920 Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
UBUNTU-CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
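Livestatus is a line-oriented protocol: a GET query is a run of header lines ended by a blank line, and a COMMAND is a single line, so the delimiters that matter in the two Checkmk entries above are the line break and the blank line. The block below is an added example in Python, not Checkmk code: a query builder that interpolates an autocomplete prefix as-is, a simplified model of how a line-based reader splits the stream into requests, and a builder that rejects the value instead. The attacker string and the external command name in it are constructed for the demonstration.

```python
"""Added example: Livestatus request assembly, newline injection and a rejecting fix."""
import re
from typing import List


def build_query_vulnerable(prefix: str) -> str:
    """Interpolates the user-supplied prefix without neutralizing line breaks."""
    return (
        "GET hosts\n"
        "Columns: name\n"
        f"Filter: name ~~ ^{prefix}\n"
        "OutputFormat: json\n\n"
    )


# A host-name prefix never legitimately needs CR, LF, NUL or regex metacharacters,
# so an allow-list is simpler and safer than escaping.
_SAFE_PREFIX = re.compile(r"[A-Za-z0-9_.-]{0,64}")


def build_query(prefix: str) -> str:
    """Same query, but the value is allow-listed before it touches the wire format."""
    if _SAFE_PREFIX.fullmatch(prefix) is None:
        raise ValueError("filter value contains characters outside the host-name allow-list")
    return (
        "GET hosts\n"
        "Columns: name\n"
        f"Filter: name ~~ ^{prefix}\n"
        "OutputFormat: json\n\n"
    )


def parse_requests(payload: str) -> List[str]:
    """Model of a line-based reader splitting one stream into requests (simplified, constructed)."""
    requests: List[str] = []
    current: List[str] = []
    for line in payload.split("\n"):
        if current:
            if line == "":
                requests.append("\n".join(current))
                current = []
            else:
                current.append(line)
        elif line.startswith("COMMAND "):
            requests.append(line)
        elif line.startswith("GET "):
            current = [line]
        # stray lines outside a request are dropped here; the real server reports them
    if current:
        requests.append("\n".join(current))
    return requests


def injected_commands(payload: str) -> List[str]:
    """Commands that would be executed because the client never meant to send them."""
    return [r for r in parse_requests(payload) if r.startswith("COMMAND ")]


# Constructed attacker value: a blank line ends the GET early, then a command follows.
INJECTED_PREFIX = "web\n\nCOMMAND [0] DISABLE_NOTIFICATIONS"
```

With `INJECTED_PREFIX` the vulnerable builder emits two requests, the second a COMMAND, while the hardened builder raises before anything is sent. Escaping would also work, but rejecting is preferable when the only legitimate values are host-name characters.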
Exploit for Server-Side Request Forgery in Apache Kafka
Disclaimer: The vulnerabilities described in this article and...
PT-2025-27894 · Unknown · Sharable Password Protected Posts
Name of the Vulnerable Software and Affected Versions: Sharable Password Protected Posts version 1.1.1 and earlier Description: The issue allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API. Recommendations: For...
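The Sharable Password Protected Posts entries above all reduce to one mistake: the front end accepts a secret key from a GET parameter, and a public REST view serializes that same secret. The block below is an added example in Python, not the plugin's code, modelling that chain end to end: a post object with the key stored in meta (the storage location is an assumption), a REST view that withholds protected content yet dumps every meta field, an unauthenticated reader that replays the leaked key, and a view that reduces meta to an explicit allow-list. The post and its values are constructed.

```python
"""Added example: a share key stored in post meta leaking through a public REST view."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Post:
    id: int
    content: str
    password: str = ""                     # non-empty means the post is password protected
    meta: Dict[str, str] = field(default_factory=dict)


def create_share_key(post: Post) -> str:
    """Mint the secret the share link carries; kept in post meta (assumed location)."""
    key = secrets.token_hex(16)
    post.meta["share_key"] = key
    return key


def rest_view_vulnerable(post: Post) -> dict:
    """Withholds protected content but serializes every meta field, key included."""
    return {
        "id": post.id,
        "protected": bool(post.password),
        "content": "" if post.password else post.content,
        "meta": dict(post.meta),
    }


PUBLIC_META = {"subtitle"}  # explicit allow-list of meta keys that may appear in REST output


def rest_view_fixed(post: Post) -> dict:
    """Same view with meta reduced to the allow-list, so the share key never leaves the server."""
    view = rest_view_vulnerable(post)
    view["meta"] = {k: v for k, v in post.meta.items() if k in PUBLIC_META}
    return view


def front_end_content(post: Post, password: Optional[str] = None,
                      key: Optional[str] = None) -> Optional[str]:
    """Front-end access check: the post password, or the share key from a GET parameter."""
    if not post.password:
        return post.content
    if password is not None and hmac.compare_digest(password, post.password):
        return post.content
    stored = post.meta.get("share_key")
    if key is not None and stored is not None and hmac.compare_digest(key, stored):
        return post.content
    return None


def attacker_reads_post(post: Post, view: dict) -> Optional[str]:
    """Unauthenticated flow: take whatever key the REST view leaks and replay it as the GET parameter."""
    leaked = view.get("meta", {}).get("share_key")
    return front_end_content(post, key=leaked) if leaked else None
```

Against `rest_view_vulnerable` the attacker gets the full body without ever knowing the password; against `rest_view_fixed` the replay fails because the key is never serialized. The general rule is that anything usable as a bearer credential must be excluded from read-only views by an allow-list, not by hoping no field exposes it.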
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...
Fedora 42 : kea (2025-dc6ec0a8e2)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-dc6ec0a8e2 advisory. - New version 2.6.3 rhbz2368989 - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 - kea.conf: Remove /tmp/ from socket-name for existing...