Lucene search
+L

161 matches found

Veracode
Veracode
added 2025/05/08 3:3 a.m.125 views

Information Disclosure

github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability is due to insufficient input validation or improper handling of malformed payloads, which allows an attacker to expose sensitive information by triggering logging of secret data during secret creation or update...

6.5CVSS6.1AI score0.00335EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2025/04/23 3:33 p.m.32 views

CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

9.3CVSS0.80716EPSS
Exploits1References3
CVE
CVE
added 2025/04/22 5:14 p.m.60 views

CVE-2025-32950

Summary (CVE-2025-32950): Jmix (v1.0.0–v1.6.1 and v2.0.0–v2.3.4) is vulnerable to path traversal via the FileRef parameter. An attacker could read arbitrary files on the host if the application server has sufficient permissions, by modifying FileRef in the database or by supplying a crafted value...

6.5CVSS6.3AI score0.00628EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.12 views

PT-2025-17436 · Opentext · Opentext Content Server

Name of the Vulnerable Software and Affected Versions: OpenText Content Server versions 20.2 through 24.4 Description: The issue is related to an Incorrect Authorization vulnerability in the OpenText Content Server REST API, allowing users without the appropriate permissions to remove external...

5.5CVSS6.4AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2025/04/03 2:6 p.m.7 views

BIT-DOLIBARR-2023-38888

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject...

9.6CVSS7.2AI score0.01109EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/04/02 4:53 p.m.14 views

CVE-2025-30155

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

4.3CVSS7AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/31 3:58 p.m.9 views

CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

4.3CVSS4.5AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2025/03/26 1:44 p.m.11 views

CVE-2025-23203 Icinga has rest API endpoints accessible to restricted users

Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...

5.5CVSS5.5AI score0.0037EPSS
Exploits0References7
CVE
CVE
added 2025/03/26 1:44 p.m.96 views

CVE-2025-23203

CVE-2025-23203 affects Icinga Director (REST API) prior to versions 1.10.4 and 1.11.4. An authenticated Director user with API access can retrieve or modify information for objects they should not fully access, via endpoints such as icingaweb2/director/service (host omitted), icingaweb2/director/...

5.5CVSS5.5AI score0.0037EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/03/24 7:16 a.m.22 views

CVE-2025-1311

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS7.3AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:8 p.m.10 views

CVE-2024-10553

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.9AI score0.01441EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.15 views

CVE-2024-10553 Jdbc Deserialization in h2oai/h2o-3

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS0.01441EPSS
Exploits1References2
CVE
CVE
added 2025/03/11 9:48 a.m.89 views

CVE-2025-27494

CVE-2025-27494 affects Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP with all versions before V6.4.9. The issue stems from improper input sanitization at the REST API’s pubkey endpoint, enabling an authenticated remote administrator to inject commands that run with root privileges. Connect...

9.4CVSS7.6AI score0.00466EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/26 3:27 a.m.142 views

CVE-2024-12434

CVE-2024-12434 concerns the SureMembers WordPress plugin (versions up to 1.10.6). The issue enables sensitive information exposure via the REST API, allowing unauthenticated attackers to extract restricted content. Wordfence’s vulnerability entry confirms the affected software and that a fix is a...

5.3CVSS5.2AI score0.00511EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/08 4:39 a.m.17 views

CVE-2025-0466

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak senseiemail and senseimessage Information...

5.3CVSS6.8AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:30 a.m.12 views

CVE-2025-20156

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

9.9CVSS6.9AI score0.01159EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 7:26 a.m.12 views

BIT-SUPERSET-2024-24772 Apache Superset: Improper Neutralisation of custom SQL on embedded context

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, whi...

4.3CVSS4.7AI score0.00945EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 1:46 a.m.8 views

CVE-2024-11423

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

7.5CVSS7.4AI score0.00766EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:12 a.m.6 views

CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

8.8CVSS8.1AI score0.00772EPSS
Exploits0References1
OSV
OSV
added 2025/02/04 6:0 a.m.9 views

CVE-2025-0466 Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure

The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak senseiemail and senseimessage Information...

5.3CVSS7.2AI score0.00387EPSS
Exploits1References3
Rows per page
Query Builder