Lucene search
K

547 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6305

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description FacturaScripts, an open-source enterprise resource planning and accounting software, contains a critical SQL injection issue in its REST API. Authenticated API users can execute arbitrary SQ...

8.3CVSS6AI score0.00473EPSS
Exploits3References9
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6408

Summary FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

8.3CVSS6.4AI score0.00473EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.17 views

PT-2026-5733

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4...

2CVSS5.3AI score0.00293EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/28 9:37 p.m.9 views

WordPress WP Adminify plugin <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability

Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability discovered by ibrahimsql in WordPress Plugin WP Adminify versions = 4.0.7.7...

5.3CVSS5.9AI score0.00247EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/28 6:43 a.m.18 views

EUVD-2026-4914

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...

7.3CVSS5.9AI score0.00323EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:43 a.m.5 views

CVE-2026-0832

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...

7.3CVSS5.9AI score0.00323EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/01/26 11:29 a.m.6 views

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

9.9CVSS5.9AI score0.03732EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-4763

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

5.9AI score0.03732EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/01/17 12:51 a.m.10 views

SUSE CVE-2017-18895

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 1:22 a.m.8 views

CVE-2026-0504

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...

3.8CVSS6.4AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 2:16 p.m.5 views

CVE-2025-14507

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

5.3CVSS0.00378EPSS
Exploits0References5
CVE
CVE
added 2026/01/13 1:49 p.m.21 views

CVE-2025-14507

CVE-2025-14507 — EventPrime for WordPress suffers unauthenticated sensitive information exposure via the REST API in all versions up to and including 4.2.7.0. Unauthenticated attackers could exfiltrate booking data (user names, emails, ticket details, payment information, and order keys) when the...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/13 1:14 a.m.4 views

CVE-2026-0504 Insufficient Input Handling in JNDI Operations of SAP Identity Management

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...

3.8CVSS6AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

WordPress plugin EventPrime 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/12 5:52 p.m.6 views

CVE-2026-22250 wlc can skip SSL verification

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...

2.5CVSS6.4AI score0.00134EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/12 8:15 a.m.4 views

CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS6.5AI score0.00193EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.8 views

CVE-2023-31469

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

8.8CVSS6.5AI score0.01096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/08 3:15 a.m.4 views

CVE-2025-11235

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows REST API modules.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10...

3.7CVSS7AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.12 views

CVE-2025-14059

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...

6.5CVSS0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1553

Name of the Vulnerable Software and Affected Versions EmailKit versions up to and including 1.6.1 Description The EmailKit plugin for WordPress is susceptible to Arbitrary File Read due to a Path Traversal issue. This occurs because of a lack of path validation in the create template REST API...

6.5CVSS5.9AI score0.00249EPSS
Exploits0References5
Rows per page
Query Builder