855 matches found
CVE-2024-0909
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticat...
CVE-2024-0510
A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function httppost of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched...
PT-2023-32233 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue arises from incorrect authorization of REST API endpoints in the WP Mail Log WordPress plugin, allowing users with the Contributor role to view and delete data that...
Server side request forgery (ssrf)
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
Headscale Security Breach
Headscale is an application from the Dutch individual developer Juan Font that provides self-hosts and hobbyists with open source servers that can be used for their projects and labs. A security vulnerability exists in Headscale 0.22.3 and earlier versions, which stems from a token being entered...
CVE-2023-6073
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 and other vehicles of the VW Group with the same hardware and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls...
Update Rollup 2 for System Center 2022 Orchestrator
Update Rollup 2 for System Center 2022 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions for this update. Issues that are fixed Monitoring Activities...
SUSE CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...
DEBIAN-CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...
AZL-35196 CVE-2023-46118 affecting package rabbitmq-server for versions less than 3.13.0-1
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...
CVE-2023-5329
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
CVE-2023-5329
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
Authentication flaw
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
CVE-2023-5329
CVE-2023-5329 affects Field Logic DataCube4 Web API (endpoint /api/). The vulnerability arises from improper authentication in the Web API, enabling potential unauthorized access. Affected version: DataCube4 up to 20231001. The exploit has been disclosed publicly. CVSS 3.1 base score 7.5 ( HIGH )...
CVE-2023-5329 Field Logic DataCube4 Web API improper authentication
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
CVE-2023-5329 Field Logic DataCube4 Web API improper authentication
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2023:0234-1 Rating: important References: 1214003 1214301 Cross-References: CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-43...
CVE-2023-33237
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...
CVE-2023-33237
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...
Authentication flaw
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...