
4960 matches found

Cisco
added 2023/07/12 4:0 p.m. | 42 views

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...

9.1 CVSS | 9.4 AI score | 0.00731 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2023/07/12 12:0 a.m. | 41 views

Cisco SD-WAN vManage Unauthenticated REST API Access (cisco-sa-vmanage-unauthapi-sphCLYPA)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited...

9.1 CVSS | 8.5 AI score | 0.00731 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2023/07/12 12:0 a.m. | 8 views

Docker HTTP REST API Public WAN (Internet) / Public LAN Accessible without Authentication

The script checks if the target host is exposing the Docker HTTP REST API endpoints to a public WAN (Internet) / public LAN without authentication. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...

7.2 AI score
Exploits: 0 | References: 1

NVD
added 2023/07/11 5:15 p.m. | 15 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

9.8 CVSS | 7.2 AI score | 0.0043 EPSS
Exploits: 0 | References: 1

Prion
added 2023/07/11 5:15 p.m. | 22 views

Design/Logic Flaw

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

7.5 CVSS | 9.5 AI score | 0.0043 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/07/11 4:52 p.m. | 13 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

4.1 CVSS | 7.3 AI score | 0.0043 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/07/11 4:52 p.m. | 26 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

4.1 CVSS | 9.8 AI score | 0.0043 EPSS
Exploits: 0 | References: 1

Fortinet
added 2023/07/11 12:0 a.m. | 50 views

Protect

An insufficient session expiration CWE-613 vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...

7.5 CVSS | 8.8 AI score | 0.0043 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2023/07/11 12:0 a.m. | 167 views

Fortinet Fortigate Existing websocket connection persists after deleting API admin (FG-IR-23-028)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-028 advisory. - An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute...

9.8 CVSS | 8.6 AI score | 0.0043 EPSS
Exploits: 0 | References: 2

OSV
added 2023/07/10 9:53 p.m. | 38 views

GHSA-6XXR-648M-GCH6 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

Impact: The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...

9.6 CVSS | 9.5 AI score | 0.00622 EPSS
Exploits: 0 | References: 5

GitHub Security Blog
added 2023/07/10 9:53 p.m. | 30 views

XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

Impact: The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...

9.6 CVSS | 7.7 AI score | 0.00622 EPSS
Exploits: 0 | References: 5 | Affected Software: 3

OSV
added 2023/07/10 4:15 p.m. | 3 views

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints...

7.5 CVSS | 5.9 AI score | 0.00672 EPSS
Exploits: 0 | References: 3

NVD
added 2023/07/10 4:15 p.m. | 13 views

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints...

8.2 CVSS | 8.2 AI score | 0.00672 EPSS
Exploits: 0 | References: 3

Prion
added 2023/07/10 4:15 p.m. | 14 views

Improper access control

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints...

5 CVSS | 7.5 AI score | 0.00672 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/07/10 4:11 p.m. | 11 views

CVE-2023-37277 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...

9.6 CVSS | 7.5 AI score | 0.00622 EPSS
Exploits: 0 | References: 3

Cvelist
added 2023/07/10 4:11 p.m. | 21 views

CVE-2023-37277 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...

9.6 CVSS | 9.7 AI score | 0.00622 EPSS
Exploits: 0 | References: 3

Cvelist
added 2023/07/10 12:40 p.m. | 28 views

CVE-2023-3076 MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...

9.6 AI score | 0.01728 EPSS
Exploits: 2 | References: 1

Cvelist
added 2023/07/10 9:26 a.m. | 15 views

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints...

8.2 CVSS | 8.3 AI score | 0.00672 EPSS
Exploits: 0 | References: 3

CVE
added 2023/07/10 9:26 a.m. | 2487 views

CVE-2023-3271

CVE-2023-3271 concerns the SICK ICR890-4, where an improper access control flaw allows an unauthenticated remote attacker to gather system information and download data via unauthenticated REST API endpoints. The issue is documented across multiple feeds (NVD, Red Hat, PRION, CNNVD, and Sick PSIR...

8.2 CVSS | 7.2 AI score | 0.00672 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/07/10 9:26 a.m. | 12 views

CVE-2023-3271

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints...

8.2 CVSS | 7.2 AI score | 0.00672 EPSS
Exploits: 0 | References: 3