CVE-2023-2733 MStore API <= 3.9.0 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...

CVE-2023-2733 MStore API <= 3.9.0 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...

PT-2023-21071 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to, and including, 3.9.1 Description: The issue is related to authentication bypass due to insufficient verification of the user being supplied during the cart sync from mobile REST API request...

VulnCheck KEV: CVE-2023-2734

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for...

WordPress Plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

MStore API < 3.9.3 - Authentication Bypass

The plugin does not properly verify the user provided when adding listing via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

MStore API < 3.9.2 - Authentication Bypass

The plugin does not properly verify the user provided when syncing their cart via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

GLSA-202305-24 : MediaWiki: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-24 MediaWiki: Multiple Vulnerabilities - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 - MediaWiki before 1.36.2...

kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect

A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...

MStore API < 3.9.1 - Authentication Bypass

The plugin does not properly verify the user provided when redemption coupons via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...

PT-2023-23231 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.0.0p36 Checkmk versions prior to 2.1.0p28 Checkmk versions prior to 2.2.0b8 Description: The issue is related to the improper neutralization of livestatus command delimiters in the RestAPI, allowing arbitrary...

PT-2023-18447 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.1.0p28 Checkmk versions prior to 2.2.0b8 Description: The issue concerns improper authorization in the RestAPI of Checkmk, allowing remote authenticated users to read arbitrary host configs. Recommendations: For...

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint...

Authentication flaw

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint...

CVE-2023-29106

CVE-2023-29106 affects SIMATIC Cloud Connect 7 CC712/CC716 (V2.0 to V2.1). An export endpoint exposed via REST API without authentication could allow an unauthenticated remote attacker to download files available through the endpoint, per multiple sources (NVD/Red Hat/NCSC advisories). The Red Ha...

CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint...

CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint...

WordPress REST API TO MiniProgram Plugin <= 4.6.9 is vulnerable to Arbitrary Content Deletion

Software REST API TO MiniProgram Type Plugin Vulnerable versions = 4.6.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0551 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 319d19ca8dfe Credits Lana Codes Requir...

Password Disclosure

apache-superset is vulnerable to Password Disclosure. An authenticated user with specific data permissions could access database connections and stored passwords by requesting a specific REST API...