4960 matches found
GHSA-CMJC-52FG-9F7J Apache Superset vulnerable to Exposure of Sensitive Information
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1...
Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting
Issue Summary: When using the open-source Jira Python library (https://github.com/pycontribs/jira) to make REST API calls to Jira, if cookie-based authentication (https://jira.readthedocs.io/examples.html#cookie-based-authentication) is used then Jira's rate limits will be bypassed. This can result...
SUSE SLES15 Security Update : dnsdist (SUSE-SU-2023:2777-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2777-1 advisory. - Implements package 'dnsdist' with version 1.8.0 in SLE15. jsc#PED-3402 - Downstream DNS resolver configuration should be chosen by...
CVE-2023-3133
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
Design/Logic Flaw
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
CVE-2023-3133 Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...
CVE-2023-3133
The CVE-2023-3133 entry concerns the Tutor LMS WordPress plugin (pre-2.2.1) where REST API endpoints do not perform adequate permission checks, allowing unauthenticated access to information from Lessons that should not be publicly available. Affected product: Tutor LMS WordPress plugin; vulnerab...
PT-2023-23292 · WordPress · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS WordPress plugin versions prior to 2.2.1 Description: The issue concerns inadequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly availabl...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +123 more potentially affected by CVE-2023-36053 via django (>=3.2.0 <=3.2.2)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-36053 Source advisory: OSV:PYSEC-2023-100...
CVE-2023-2744
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
SQL injection
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2744 WP ERP < 1.12.4 - Admin+ SQL Injection
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2744
CVE-2023-2744 affects the WP ERP WordPress plugin pre-1.12.4. The vulnerability is a SQL injection in the REST endpoint erp/v1/accounting/v1/people where the type parameter is not properly sanitized/escaped before use in a SQL statement, allowing high-privilege users (e.g., admins) to potentially...
CVE-2023-25194
A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...
CVE-2023-2719
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber...