WordPress core <= 5.8 - Data Exposure via REST API vulnerability
Data Exposure via REST API vulnerability discovered by Michael Adams in WordPress core versions <= 5.8. Version update list: 5.8 updated to 5.8.1, 5.7.2 updated to 5.7.3, 5.7.1 updated to 5.7.3, 5.7 updated to 5.7.3, 5.6.4 updated to 5.6.5, 5.6.3 updated to 5.6.5, 5.6.2 updated to 5.6.5, 5.6.1...
ZStack code issue vulnerability
ZStack is an open source IaaS (Infrastructure as a Service) software designed to automate data centers and manage compute, storage, and network resources through APIs. ZStack suffers from a code issue vulnerability that stems from a pre-authentication insecure deserialization vulnerability in the...
CVE-2021-39122
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version...
Information disclosure
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version...
Information disclosure
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from...
CVE-2021-39122
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version...
PT-2021-22386 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.13; Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.5; Atlassian Jira Server and Data Center versions 8.14.0 through 8.15.1. Description: The issue allows anonymous...
CVE-2021-39196
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39196
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
Denial of service
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39196 Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39196
CVE-2021-39196 affects pcapture, an open source dumpcap web service interface. In affected versions prior to 3.12, an authenticated but unprivileged user can use the REST API to capture and download packets with no capture filter and without adequate permissions, potentially exposing all data on ...
Authentication flaw
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...
CVE-2021-40539
CVE-2021-40539 affects Zoho ManageEngine ADSelfService Plus (6100-series and earlier) with a REST API authentication bypass that enables remote code execution. Public evidence shows active exploitation campaigns (GODZILLA webshell, NGLite backdoor, KdcSponge) and targeted activity reported by CIS...
PT-2021-4466
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions 6113 and prior. Description: The issue is related to an authentication bypass vulnerability in the REST API of Zoho ManageEngine ADSelfService Plus, which can lead to remote code execution. This...
Zoho Releases Security Update for ADSelfService Plus
Zoho has released a security update on a vulnerability CVE-2021-40539 affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine...
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Recent assessments: ccondon-r7 at November 08, 2021 3:18pm UTC reported: Rapid7’s services teams are observing opportunistic exploitation of this...
CVE-2021-38312
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked f...