
4962 matches found

OSV
added 2025/05/30 5:27 a.m. · 12 views

CVE-2025-48490 Laravel Rest Api has a Search Validation Bypass

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...

8.7 CVSS · 6.6 AI score · 0.00515 EPSS
Exploits 0 · References 5
CNNVD
added 2025/05/30 12:00 a.m. · 3 views

Laravel Rest Api Security Vulnerability

Laravel Rest Api is a Lomkit open source tool for generating Api in seconds. A security vulnerability exists in Laravel Rest Api versions prior to 2.13.0, which stems from an authentication bypass that could lead to the injection of unexpected or dangerous parameters...

8.7 CVSS · 6.9 AI score · 0.00515 EPSS
Exploits 0 · References 4
Veracode
added 2025/05/29 2:32 a.m. · 9 views

Validation Bypass

lomkit/laravel-rest-api is vulnerable to a Validation Bypass. The vulnerability is due to how the framework merged validation rules across multiple contexts, allowing malicious actors to bypass expected validations and inject unexpected parameters...

8.7 CVSS · 6.8 AI score · 0.00515 EPSS
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2025/05/27 7:47 p.m. · 35 views

Laravel Rest Api has a Search Validation Bypass

A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...

8.7 CVSS · 7.1 AI score · 0.00515 EPSS
Exploits 0 · References 5 · Affected Software 1
Snyk
added 2025/05/27 7:47 p.m. · 4 views

Improper Use of Validation Framework

Overview: lomkit/laravel-rest-api is a package to build quick and robust rest api for the Laravel framework. Affected versions of this package are vulnerable to Improper Use of Validation Framework due to the way validation rules are merged across different contexts such as index, store, and...

8.7 CVSS · 7 AI score · 0.00515 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/05/27 12:00 a.m. · 7 views

PT-2025-23138 · Laravel · Laravel Rest Api

Name of the Vulnerable Software and Affected Versions: Laravel Rest Api versions prior to 2.13.0
Description: A validation bypass issue was discovered where multiple validations defined for the same attribute could be silently overridden. This occurs due to how the framework merges validation rul...

8.7 CVSS · 6.1 AI score · 0.00515 EPSS
Exploits 0 · References 9
OSV
added 2025/05/26 6:09 a.m. · 4 views

MAL-2025-4564 Malicious code in iot-sdk-device-client-rest-api (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7292c16917957be9e3511b347ab46a5b84d68d182f759d96859e22b934d013f Any computer that has this package installed or running should be considered...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 11:38 a.m. · 10 views

CVE-2025-0580

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to...

6.3 CVSS · 6.7 AI score · 0.00375 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:40 a.m. · 14 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

6.5 CVSS · 7.1 AI score · 0.00304 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 10:38 a.m. · 15 views

CVE-2024-20441

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

6.5 CVSS · 6.6 AI score · 0.00457 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:38 a.m. · 15 views

CVE-2024-20438

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

6.3 CVSS · 6.7 AI score · 0.00353 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:38 a.m. · 18 views

CVE-2024-20444

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

5.5 CVSS · 7.5 AI score · 0.0076 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:38 a.m. · 13 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4 CVSS · 7 AI score · 0.00456 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:32 a.m. · 16 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3 CVSS · 6.5 AI score · 0.03417 EPSS
Exploits 1
RedhatCVE
added 2025/05/23 10:30 a.m. · 7 views

CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

8.1 CVSS · 7.9 AI score · 0.00498 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:27 a.m. · 6 views

CVE-2024-42464

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue affects upKeeper Manager: through 5.1.9...

7.6 CVSS · 6.9 AI score · 0.00312 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 10:24 a.m. · 11 views

CVE-2024-30170

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,...

9.1 CVSS · 6.8 AI score · 0.00614 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:01 a.m. · 13 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

5.9 CVSS · 6.3 AI score · 0.0025 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:59 a.m. · 8 views

CVE-2024-1477

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

5.3 CVSS · 6.5 AI score · 0.00435 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:59 a.m. · 6 views

CVE-2024-1473

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

5.3 CVSS · 6.7 AI score · 0.00533 EPSS
Exploits 0 · References 1