
4961 matches found

Vulnrichment
added 2025/04/16 12:44 p.m. · 9 views

CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...

CVSS 5.4 · AI score 7.2 · EPSS 0.00431
Exploits: 0 · References: 1
CNNVD
added 2025/04/16 12:0 a.m. · 2 views

WordPress plugin WordPress REST API Authentication security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 5.4 · AI score 6.4 · EPSS 0.00431
Exploits: 0 · References: 1
OSV
added 2025/04/15 1:15 p.m. · 4 views

CVE-2025-32945

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...

CVSS 4.3 · AI score 7.2
Exploits: 0 · References: 2
Cvelist
added 2025/04/15 12:56 p.m. · 29 views

CVE-2025-32945 PeerTube Arbitrary Playlist Creation via REST API

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...

CVSS 4.3 · EPSS 0.00268
Exploits: 1 · References: 2
CVE
added 2025/04/15 12:56 p.m. · 60 views

CVE-2025-32945

PeerTube CVE-2025-32945: A REST API flaw allows an authenticated user to add playlists to another user’s channel. The code creates the playlist with the requester as owner and sets the channel to the supplied ID without verifying ownership, enabling cross-user playlist creation. CVSS v3.1 base sc...

CVSS 4.3 · AI score 7.2 · EPSS 0.00268
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/04/15 12:56 p.m. · 16 views

CVE-2025-32945 PeerTube Arbitrary Playlist Creation via REST API

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...

CVSS 4.3 · AI score 7.2 · EPSS 0.00268
Exploits: 1 · References: 2
Positive Technologies
added 2025/04/15 12:0 a.m. · 6 views

PT-2025-16336 · Peertube · Peertube

Name of the Vulnerable Software and Affected Versions: PeerTube, affected versions not specified. Description: The issue allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who...

CVSS 4.3 · AI score 6.3 · EPSS 0.00268
Exploits: 1 · References: 9
OSV
added 2025/04/10 8:15 a.m. · 7 views

CVE-2024-38865

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...

CVSS 8.8 · AI score 7.4
Exploits: 0 · References: 1
OSV
added 2025/04/10 8:15 a.m. · 3 views

UBUNTU-CVE-2024-38865

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...

CVSS 8.8 · AI score 5.9 · EPSS 0.00644
Exploits: 0 · References: 3
Tenable Nessus
added 2025/04/10 12:0 a.m. · 8 views

Moodle 4.5.x < 4.5.3 Unauthenticated REST API Data Exposure

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.17 or 4.3.x prior to 4.3.11 or 4.4.x prior to 4.4.7 or 4.5.x prior to 4.5.3. It is, therefore, affected by a data exposure through the REST API. Note that the scanner has not tested for these issu...

CVSS 7.5 · AI score 7.3 · EPSS 0.00337
Exploits: 0 · References: 3
Positive Technologies
added 2025/04/09 12:0 a.m. · 12 views

PT-2025-15910

Name of the Vulnerable Software and Affected Versions: OttoKit formerly SureTriggers versions 1.0.0 through 1.0.78. Description: The vulnerability is related to an authentication bypass issue in the OttoKit WordPress plugin, which allows unauthenticated attackers to create administrator accounts on...

CVSS 8.1 · AI score 7.9 · EPSS 0.76198
Exploits: 8 · References: 75
OSV
added 2025/04/03 2:6 p.m. · 5 views

BIT-DOLIBARR-2023-38888

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject...

CVSS 9.6 · AI score 7.2 · EPSS 0.01174
Exploits: 1 · References: 3
RedhatCVE
added 2025/04/02 4:53 p.m. · 13 views

CVE-2025-30155

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

CVSS 4.3 · AI score 7 · EPSS 0.00287
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/02 12:0 a.m. · 5 views

PT-2025-14480

Name of the Vulnerable Software and Affected Versions: Moodle versions up to 4.5.2. Description: The issue concerns an information disclosure in the REST API. Recommendations: For versions up to 4.5.2, update to a version that contains a fix for this issue...

CVSS 7.8 · AI score 6.3 · EPSS 0.00337
Exploits: 0 · References: 19
NVD
added 2025/03/31 4:15 p.m. · 16 views

CVE-2025-30155

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

CVSS 4.3 · EPSS 0.00287
Exploits: 0 · References: 4
Cvelist
added 2025/03/31 3:58 p.m. · 12 views

CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

CVSS 4.3 · EPSS 0.00287
Exploits: 0 · References: 4
Vulnrichment
added 2025/03/31 3:58 p.m. · 8 views

CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

CVSS 4.3 · AI score 4.5 · EPSS 0.00287
Exploits: 0 · References: 4
OSV
added 2025/03/31 3:58 p.m. · 8 views

CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

CVSS 4.3 · AI score 6.8 · EPSS 0.00287
Exploits: 0 · References: 6
CVE
added 2025/03/31 3:58 p.m. · 91 views

CVE-2025-30155

CVE-2025-30155 affects Tuleap: the REST API did not enforce read permissions on parent trackers, allowing potential unauthorized visibility. Affected versions include Tuleap Community Edition prior to 16.5.99.1742392651 and Tuleap Enterprise Edition prior to 16.5-5 and 16.4-8. The issue is resolv...

CVSS 4.3 · AI score 6.7 · EPSS 0.00287
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2025/03/28 9:15 p.m. · 8 views

CVE-2024-6875

A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API...

CVSS 6.5 · EPSS 0.00414
Exploits: 0 · References: 5