
4960 matches found

Cvelist
added 2024/09/12 8:30 a.m. | 72 views

CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 10 | EPSS 0.61355
Exploits 6 | References 4

Vulnrichment
added 2024/09/12 8:30 a.m. | 37 views

CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 10 | AI score 7.5 | EPSS 0.11831
Exploits 2 | References 3

CVE
added 2024/09/12 8:30 a.m. | 176 views

CVE-2024-8529

CVE-2024-8529 – LearnPress : The LearnPress WordPress LMS Plugin (versions ≤ 4.2.7) is vulnerable to unauthenticated SQL injection via the c_fields parameter in the /wp-json/lp/v1/courses/archive-course REST API. This is due to insufficient escaping and lack of proper SQL query preparation, allow...

CVSS 10 | AI score 8.8 | EPSS 0.11831
Exploits 2 | References 3 | Affected Software 1

CVE
added 2024/09/12 8:30 a.m. | 212 views

CVE-2024-8522

LearnPress WordPress LMS Plugin (= 4.2.7.1) or apply vendor-supplied security fixes. Technical details and PoCs are available in multiple connected sources (e.g., nuclei template, Exploit DB, Metasploit module).

CVSS 10 | AI score 8.8 | EPSS 0.61355
In wild | Exploits 6 | References 4 | Affected Software 1

OpenVAS
added 2024/09/11 12:0 a.m. | 9 views

XWiki 1.8 < 15.10.9, 16.0.0-rc-1 < 16.3.0 Information Disclosure Vulnerability (GHSA-pvmm-55r5-g3mm)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS 5.3 | AI score 5.9 | EPSS 0.03417
Exploits 1 | References 1

NVD
added 2024/09/10 4:15 p.m. | 18 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS 5.3 | EPSS 0.03417
Exploits 1 | References 4

Cvelist
added 2024/09/10 3:56 p.m. | 24 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS 5.3 | EPSS 0.03417
Exploits 1 | References 4

OSV
added 2024/09/10 3:56 p.m. | 23 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS 5.3 | AI score 6.4 | EPSS 0.03417
Exploits 1 | References 6

CVE
added 2024/09/10 3:56 p.m. | 96 views

CVE-2024-45591

CVE-2024-45591 concerns XWiki Platform: the REST API can disclose page history information to unauthorized users, including per-modification times, version numbers, author usernames/display names, and version comments, even on fully private wikis. The issue is triggered by unauthenticated access ...

CVSS 5.3 | AI score 5 | EPSS 0.03417
Exploits 1 | References 4 | Affected Software 1

NVD
added 2024/09/10 3:15 p.m. | 20 views

CVE-2024-45323

An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...

CVSS 4.3 | EPSS 0.00363
Exploits 0 | References 1

Vulnrichment
added 2024/09/10 2:37 p.m. | 22 views

CVE-2024-45323

An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...

CVSS 4.3 | AI score 6.7 | EPSS 0.00363
Exploits 0 | References 1

Cvelist
added 2024/09/10 2:37 p.m. | 32 views

CVE-2024-45323

An improper access control vulnerability CWE-284 in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include...

CVSS 4.3 | EPSS 0.00363
Exploits 0 | References 1

Tenable Nessus
added 2024/09/10 12:0 a.m. | 27 views

Cisco Identity Services Engine REST API Blind SQLi (cisco-sa-ise-rest-5bPKrNtZ)

According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is affected by a Blind SQL Injection SQLi vulnerability. - Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attack...

CVSS 8.1 | AI score 6.1 | EPSS 0.00498
Exploits 0 | References 6

Cvelist
added 2024/09/07 4:11 p.m. | 25 views

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...

CVSS 8.5 | EPSS 0.00854
Exploits 0 | References 1

Vulnrichment
added 2024/09/07 4:11 p.m. | 13 views

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...

CVSS 8.5 | AI score 8.2 | EPSS 0.00854
Exploits 0 | References 1

CVE
added 2024/09/07 4:11 p.m. | 81 views

CVE-2024-39715

CVE-2024-39715 describes a code injection vulnerability in Veeam Service Provider Console (VSPC) where a low-privileged user with REST API access can remotely upload arbitrary files to the VSPC server, leading to remote code execution. The description is consistent across multiple sources (NVD, R...

CVSS 8.5 | AI score 8.2 | EPSS 0.00854
Exploits 0 | References 1

NVD
added 2024/09/04 6:15 a.m. | 12 views

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...

CVSS 7.5 | EPSS 0.01635
Exploits 1 | References 1

OSV
added 2024/09/04 6:15 a.m. | 10 views

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...

CVSS 5.3 | AI score 6.8
Exploits 0 | References 1

CVE
added 2024/09/04 6:0 a.m. | 96 views

CVE-2024-7786

Summary: Sensei LMS WordPress plugin prior to version 4.24.2 contains an issue where certain REST API routes are not properly protected, allowing unauthenticated access to leak email templates. Affected software: Sensei LMS WordPress plugin (versions before 4.24.2). Root cause (as stated): Unprot...

CVSS 7.5 | AI score 5.2 | EPSS 0.01635
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2024/09/04 6:0 a.m. | 19 views

CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...

EPSS 0.01635
Exploits 1 | References 1