CVE-2025-29924
XWiki Platform contains an authorization bypass in subwikis that can expose private information via the REST API (and potentially other APIs) when rights like “Prevent unregistered users to view pages” or “Prevent unregistered users to edit pages” are enabled. Affected versions: before 15.10.14, ...
CVE-2025-29924 XWiki uses the wrong wiki reference in AuthorizationManager
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...
XWiki Platform authorization issue vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. An authorization issue vulnerability exists in XWiki Platform versions prior to 15.10.15, prior to 16.4.6, and prior to 16.10.0, which stems from the WikiManager REST API that could be...
PT-2025-11970 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.14; XWiki Platform versions prior to 16.4.6; XWiki Platform versions prior to 16.10.0-rc-1. Description: The issue allows a user to access private information through the REST API when a sub wiki is using...
CVE-2025-28886
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram (rest-api-to-miniprogram) allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 5.1.2...
CVE-2025-27494
A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...
WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Skalucy in WordPress Plugin REST API TO MiniProgram versions <= 5.1.2...
CVE-2025-28886
CVE-2025-28886 : A CSRF vulnerability in the WordPress plugin REST API TO MiniProgram affects the REST API TO MiniProgram plugin (versions up to 4.7.1; WordPress records also reference up to 5.1.2). The issue enables Cross-Site Request Forgery, enabling an attacker to cause the application to per...
CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram (rest-api-to-miniprogram) allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 5.1.2...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
CVE-2025-27494
CVE-2025-27494 affects Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP with all versions before V6.4.9. The issue stems from improper input sanitization at the REST API’s pubkey endpoint, enabling an authenticated remote administrator to inject commands that run with root privileges. Connect...
PT-2025-10746 · Unknown · Sipass Integrated Acc-Ap +1
Name of the Vulnerable Software and Affected Versions: SiPass integrated AC5102 ACC-G2 versions prior to V6.4.9; SiPass integrated ACC-AP versions prior to V6.4.9. Description: A vulnerability has been identified where affected devices improperly sanitize input for the "pubkey" endpoint of the REST...
BIT-JENKINS-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
BIT-JENKINS-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...