Lucene search
+L

454 matches found

Vulnrichment
Vulnrichment
added 2025/06/19 10:38 a.m.4 views

CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

7.3AI score0.01063EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.9 views

Apache SeaTunnel 访问控制错误漏洞

Apache SeaTunnel is an easy-to-use data integration framework from the Apache USA Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...

6.5CVSS8.9AI score0.01063EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/05/28 12:0 a.m.8 views

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/05/28 12:0 a.m.10 views

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS5.8AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:30 p.m.10 views

CVE-2021-30056

Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting XSS. An attacker can inject arbitrary web script in /restful-services/publish via the 'EXECFROM' parameter that can lead to data leakage...

5.4CVSS6.1AI score0.00616EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.12 views

CVE-2020-29001

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a...

7.2CVSS7.2AI score0.01272EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.8 views

CVE-2019-1010250

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...

5.5CVSS7AI score0.01059EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:41 a.m.9 views

CVE-2013-0205

Cross-site request forgery CSRF vulnerability in the RESTful Web Services restws module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors...

6.8CVSS7.7AI score0.00673EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 9:15 p.m.16 views

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...

9.8CVSS0.00734EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/08 12:0 a.m.7 views

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...

9.5AI score0.00734EPSS
Exploits0References2
CVE
CVE
added 2025/05/08 12:0 a.m.78 views

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to a file upload flaw via /admin/add-category.php. The issue, confirmed across multiple sources, permits uploading arbitrary files, with CVSS v3.1 indicating Network attack, no privileges required, no user interaction, and high impact to confidential...

9.8CVSS7.1AI score0.00734EPSS
Exploits0References2
ICS
ICS
added 2025/04/30 12:0 a.m.13 views

Commvault Web Server unspecified vulnerability

RISK EVALUATION According to Commvault: "The Web Server is a component in CommCell environments that provides a RESTful interface to the software where users can perform various tasks using available APIs". A remote, authenticated attacker can exploit an unspecified vulnerability to compromise a...

8.8CVSS6.6AI score0.01997EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.71 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...

9.8CVSS10AI score0.10539EPSS
Exploits13Affected Software1
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.6 views

F5 NGINX Unit 安全漏洞

F5 NGINX Unit is a multilingual dynamic application server from F5 Corporation. The product supports a RESTful JSON API to run applications built using multiple languages and frameworks. A security vulnerability exists in F5 NGINX Unit prior to version 1.34.2, which stems from an infinite loop th...

6.9CVSS5.4AI score0.00552EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.6 views

The vulnerability of the Drupal CMS system’s RESTful Web Services module, related to errors in request processing, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Drupal CMS system’s RESTful Web Services module is related to errors in request processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS5.5AI score0.00495EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/15 12:0 a.m.12 views

The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system, related to incorrect authentication procedures, allows attackers to bypass existing security restrictions.

The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system is related to improper authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

10CVSS5.4AI score0.00629EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/01/09 7:15 p.m.19 views

CVE-2024-13255

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10...

7.5CVSS0.00495EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 7:0 p.m.13 views

CVE-2024-13255 RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10...

6.9AI score0.00495EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 7:0 p.m.59 views

CVE-2024-13255

CVE-2024-13255 affects Drupal RESTful Web Services (7.x-2.0 to 7.x-2.10). Root issue: REST resources exposed in the module did not sufficiently restrict access, enabling exposure of sensitive information via data queries (forceful browsing). Impact described as high with potential confidentiality...

7.5CVSS6.6AI score0.00495EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/09 7:0 p.m.26 views

CVE-2024-13255 RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10...

0.00495EPSS
Exploits0References1
Rows per page
Query Builder