F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 Corporation that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in F5 BIG-IP that arises when BIG-IP is deployed with High Availability (HA) and an iControl...
F5 Networks BIG-IP : BIG-IP iControl REST API vulnerability (K32544615)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K32544615 advisory. When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does no...
CVE-2024-23813
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code...
Code injection
A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code...
CVE-2024-23813
Polarion ALM is affected for all versions before V2404.0. The REST API endpoints of the doorsconnector lack proper authentication, allowing an unauthenticated remote attacker to access endpoints and potentially execute code. CVSS v3.1 base score is 9.8 (CRITICAL) per NVD; CNA score 7.3 (HIGH). Si...
Code injection
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
CVE-2024-0965 Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
CVE-2024-0965
CVE-2024-0965 affects the WordPress Simple Page Access Restriction plugin (versions
PT-2024-15945 · WordPress · Simple Page Access Restriction
Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to, and including, 1.0.21. Description: The issue allows unauthenticated attackers to bypass page restrictions and view page content via the REST API. This is possible due to...
CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
Cross site request forgery (csrf)
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
Simple Page Access Restriction < 1.0.23 - Improper Access Control to Sensitive Information Exposure via REST API
Description: The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
PT-2024-7126 · Trend Micro · Trend Micro Cloud Edge
Name of the Vulnerable Software and Affected Versions: Trend Micro Cloud Edge (affected versions not specified). Description: A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. The vulnerability is related to th...
CVE-2024-0969
The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...
Design/Logic Flaw
The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...
CVE-2024-0969
ARMember for WordPress