4960 matches found
CVE-2024-1475 Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure
The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the...
Coming Soon Maintenance Mode < 1.0.6 - Information Exposure
Description The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provid...
WP Maintenance < 6.1.7 - Information Exposure
Description The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...
My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API
Description The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post...
CVE-2024-22389
When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Design/Logic Flaw
When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-22389
CVE-2024-22389 affects BIG-IP in HA deployments where updating an iControl REST API token fails to sync to the peer, a control-plane issue impacting confidentiality, integrity, and availability (CVSS v3.1 base 7.2). Affected releases and fixes: BIG-IP (all modules) vulnerable in 17.1.0; fix intro...
CVE-2024-22389 BIG-IP iControl REST API Vulnerability
When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-22389 BIG-IP iControl REST API Vulnerability
When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389
Security Advisory Description When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. CVE-2024-22389 Impact This vulnerability may allow a high privileged remote authenticated attacker to use deleted or updated API...
Exploit for Missing Authorization in Xlplugins Nextmove
CVE-2024-25092 NextMove Lite 2.18.0 - Subscriber+ Arbitra...
CVE-2023-44294
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially...
Information disclosure
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially...
CVE-2023-44294
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially...
CVE-2023-44294
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially...
CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...
Information disclosure
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...
CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...
CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...
Dell EMC Secure Connect Gateway SQL注入漏洞
The Dell Secure Connect Gateway Application is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway Application suffers from a SQL injection vulnerability that can be exploited by an attacker to inject malicious content into the filters of the Collection Rest API, resulti...