454 matches found
CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
Apache SeaTunnel 访问控制错误漏洞
Apache SeaTunnel is an easy-to-use data integration framework from the Apache USA Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...
CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2021-30056
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting XSS. An attacker can inject arbitrary web script in /restful-services/publish via the 'EXECFROM' parameter that can lead to data leakage...
CVE-2020-29001
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a...
CVE-2019-1010250
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...
CVE-2013-0205
Cross-site request forgery CSRF vulnerability in the RESTful Web Services restws module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors...
CVE-2023-31585
Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...
CVE-2023-31585
Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...
CVE-2023-31585
Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to a file upload flaw via /admin/add-category.php. The issue, confirmed across multiple sources, permits uploading arbitrary files, with CVSS v3.1 indicating Network attack, no privileges required, no user interaction, and high impact to confidential...
Commvault Web Server unspecified vulnerability
RISK EVALUATION According to Commvault: "The Web Server is a component in CommCell environments that provides a RESTful interface to the software where users can perform various tasks using available APIs". A remote, authenticated attacker can exploit an unspecified vulnerability to compromise a...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
F5 NGINX Unit 安全漏洞
F5 NGINX Unit is a multilingual dynamic application server from F5 Corporation. The product supports a RESTful JSON API to run applications built using multiple languages and frameworks. A security vulnerability exists in F5 NGINX Unit prior to version 1.34.2, which stems from an infinite loop th...
The vulnerability of the Drupal CMS system’s RESTful Web Services module, related to errors in request processing, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Drupal CMS system’s RESTful Web Services module is related to errors in request processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system, related to incorrect authentication procedures, allows attackers to bypass existing security restrictions.
The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system is related to improper authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
CVE-2024-13255
Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10...
CVE-2024-13255 RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10...
CVE-2024-13255
CVE-2024-13255 affects Drupal RESTful Web Services (7.x-2.0 to 7.x-2.10). Root issue: REST resources exposed in the module did not sufficiently restrict access, enabling exposure of sensitive information via data queries (forceful browsing). Impact described as high with potential confidentiality...
CVE-2024-13255 RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10...