4960 matches found

NVD
added 2024/12/06 9:15 a.m. · 15 views

CVE-2024-12028

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

5.3 CVSS · 0.00416 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/12/06 8:24 a.m. · 7 views

CVE-2024-12028 Friends <= 3.2.1 - Missing Authorization

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

5.3 CVSS · 6.8 AI score · 0.00416 EPSS
Exploits 0 · References 2
CVE
added 2024/12/06 8:24 a.m. · 84 views

CVE-2024-12028

The CVE-2024-12028 entry covers the WordPress Friends plugin (up to v3.2.1) with a missing capability check on multiple REST API endpoints. This vulnerability allows unauthenticated attackers to perform actions on behalf of another website, including sending arbitrary friend requests, accepting t...

5.3 CVSS · 5.3 AI score · 0.00416 EPSS
Exploits 0 · References 3
Cvelist
added 2024/12/06 8:24 a.m. · 19 views

CVE-2024-12028 Friends <= 3.2.1 - Missing Authorization

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

5.3 CVSS · 0.00416 EPSS
Exploits 0 · References 3
OSV
added 2024/12/02 6:41 p.m. · 9 views

GHSA-4H8F-C635-25P7 ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

7.2 AI score
Exploits 0 · References 9
Github Security Blog
added 2024/12/02 6:41 p.m. · 21 views

ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

7.2 AI score
Exploits 0 · References 9 · Affected Software 1
OSV
added 2024/12/02 6:39 p.m. · 9 views

GHSA-FH7V-Q458-7VMW ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

7.2 AI score
Exploits 0 · References 8
Github Security Blog
added 2024/12/02 6:39 p.m. · 13 views

ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

7.2 AI score
Exploits 0 · References 8 · Affected Software 1
OSV
added 2024/12/02 6:37 p.m. · 6 views

GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

7.2 AI score
Exploits 0 · References 8
Github Security Blog
added 2024/12/02 6:37 p.m. · 18 views

ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

7.2 AI score
Exploits 0 · References 8 · Affected Software 1
Positive Technologies
added 2024/12/02 12:0 a.m. · 5 views

PT-2024-40073 · Apache +1 · Apache +1

Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...

7.1 AI score
Exploits 0 · References 10
NVD
added 2024/11/29 10:15 a.m. · 17 views

CVE-2024-50357

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web authentication ...

9.8 CVSS · 0.00556 EPSS
Exploits 0 · References 2
NVD
added 2024/11/26 9:15 a.m. · 19 views

CVE-2024-11091

The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS · 0.00391 EPSS
Exploits 0 · References 3
Cvelist
added 2024/11/26 8:31 a.m. · 13 views

CVE-2024-11091 Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload

The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS · 0.00391 EPSS
Exploits 0 · References 3
GithubExploit
added 2024/11/23 5:39 a.m. · 284 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 CVE-2022-1388 is a serious vulnerabil...

9.8 CVSS · 7.6 AI score · 0.99956 EPSS
Exploits 63
Tenable Nessus
added 2024/11/21 12:0 a.m. · 27 views

WordPress Plugin 'Really Simple Security Pro' 9.0.0 < 9.1.2 Authentication Bypass

The WordPress application running on the remote host has a version of the 'Really Simple Security Pro' plugin that is 9.0.x prior to 9.1.2. It is, therefore, affected by an authentication bypass vulnerability. This is due to improper user check error handling in the two-factor REST API actions wi...

9.8 CVSS · 7.5 AI score · 0.81722 EPSS
Exploits 21 · References 3
GithubExploit
added 2024/11/20 1:13 p.m. · 377 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

POC for CVE-2024-10924 An error handling flaw in the REST API...

9.8 CVSS · 7.4 AI score · 0.81722 EPSS
Exploits 21
NVD
added 2024/11/19 9:15 a.m. · 21 views

CVE-2024-31141

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also...

6.5 CVSS · 0.01129 EPSS
Exploits 0 · References 3
NVD
added 2024/11/19 8:15 a.m. · 14 views

CVE-2024-11098

The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level acces...

5.5 CVSS · 0.00352 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/11/18 3:53 p.m. · 16 views

CVE-2020-3538 Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploi...

4.6 CVSS · 4.9 AI score · 0.00502 EPSS
Exploits 0 · References 3