FullStackHero WebAPI Boilerplate Security Vulnerability
FullStackHero WebAPI Boilerplate is a template project from the FullStackHero community for quickly building Web APIs. A security vulnerability exists in FullStackHero WebAPI Boilerplate version v1.0.0 and v1.0.1, which stems from a host header injection vulnerability in the forgot password featu...
CVE-2024-26470
CVE-2024-26470 describes a host header injection in the forgot password feature of FullStackHero.WebAPI.Boilerplate (versions v1.0.0 and v1.0.1). The underlying issue is insufficient validation of the Host header, allowing an attacker to craft a request that leaks the password reset token. Impact...
CVE-2024-26470
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
CVE-2023-47112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
Authorization
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or...
Authorization
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
CVE-2023-47112
CVE-2023-47112 affects Rundeck (Open Source and Process Automation). Vulnerable behavior: authenticated users can access two endpoints that reveal job names and groups for any project without proper authorization. Root cause: missing/insufficient authorization checks on specific URLs (e.g., /cont...
CVE-2023-48222
Summary (CVE-2023-48222) : Rundeck Open Source and Process Automation products are affected prior to version 4.17.3 . The issue allows authenticated users to access two URLs and view or delete jobs without proper authorization checks, via endpoints such as http(s)://[host]/context/rdJob/ and http...
CVE-2023-48222 Authenticated users can view or delete jobs they do not have authorization for in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or...
CVE-2023-29009 basercms XSS Vulnerability via Favorites Feature
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...
CVE-2023-29009
CVE-2023-29009 affects baserCMS: a stored XSS vulnerability in the Favorites feature on baserCMS WebAPI (PHP8/CakePHP4). Root cause is XSS in the Favorites UI leading to script execution on vulnerable admin/user pages. Impact described in sources includes potential browser-execution of arbitrary ...
CVE-2023-31718
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download...
[SECURITY] Fedora 38 Update: R-jsonlite-1.8.5-2.fc38
A reasonably fast JSON parser and generator, optimized for statistical data and the web. Offers simple, flexible tools for working with JSON in R, and is particularly powerful for building pipelines and interacting with a web API. The implementation is based on the mapping described in the...
Malicious Package
Overview aspnet-webapi-auth is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
PT-2023-22228 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: JIZHICMS version 2.4.5 Description: A critical issue has been found, affecting the index function of the TemplateController.php file. The manipulation of the webapi argument leads to server-side request forgery, allowing for remote attacks...