4960 matches found
FULL - Customer < 2.3 - Subscriber+ Arbitrary Plugin Installation
Description: The plugin does not have proper authorisation in its install-plugin REST API, allowing any authenticated user, such as a subscriber, to install plugins from arbitrary sources...
Improper Access Control
GitLab is vulnerable to Improper Access Control. This vulnerability allows unprivileged users using the REST API to change label descriptions...
CVE-2023-20214
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...
Input validation
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...
CVE-2023-20214
Cisco SD-WAN vManage REST API authentication validation vulnerability (CVE-2023-20214) allows unauthenticated remote attackers to read or partially modify configuration due to insufficient REST API request validation. Affected product: Cisco SD-WAN vManage (REST API surface only; web UI/CLI unaff...
CVE-2023-3345
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students...
Information disclosure
The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguard sensitive user information, like other users' email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints...
CVE-2023-3345
CVE-2023-3345 affects the LMS by Masteriyo WordPress plugin prior to 1.6.8. The plugin’s REST API endpoints lack proper authorization, enabling any student to retrieve other students’ email addresses (information disclosure). Root cause per connected details: insufficient access checks on REST ro...
CVE-2023-3345 LMS by Masteriyo < 1.6.8 - Information Exposure
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students...
WordPress plugin LMS by Masteriyo Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
PT-2023-24346 · Masteriyo · The Lms By Masteriyo
Name of the Vulnerable Software and Affected Versions: The LMS by Masteriyo WordPress plugin versions prior to 1.6.8 Description: The issue concerns improper authorization in some of the plugin's REST API endpoints. This allows any students to retrieve email addresses of other students, effective...
Authorization Bypass
GitLab is vulnerable to Authorization Bypasses. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI...
WordPress Rest Routes – Custom Endpoints for WP REST API Plugin < 4.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Rest Routes – Custom Endpoints for WP REST API; Type: Plugin; Vulnerable versions: 4.4.1; Fixed in: 4.4.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 8d3ad1937efb; Credits: Raf...
Cisco SD-WAN vManage Input Validation Error Vulnerability (CNVD-2023-62933)
Cisco SD-WAN vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco SD-WAN vManage suffers from an input validation error vulnerability that stems from insufficient request validatio...
PT-2023-23625 · Softlab · Softlab Integrate Google Drive
Name of the Vulnerable Software and Affected Versions: SoftLab Integrate Google Drive versions n/a through 1.1.99 Description: The issue is related to a Missing Authorization vulnerability in SoftLab Integrate Google Drive, allowing exploitation of incorrectly configured access control security...
Fortinet FortiOS Access Control Error Vulnerability (CNVD-2024-26505)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An access control error...