API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. ...
Continue Reading10 мая, 2022
The SEMA API WordPress plugin through 3.64 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauth ...
Continue Reading09 мая, 2022
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. ...
Continue Reading09 мая, 2022
The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the ...
Continue Reading09 мая, 2022
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability ...
Continue Reading06 мая, 2022
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress ve ...
Continue Reading06 мая, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API g ...
Continue Reading05 мая, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io ...
Continue Reading05 мая, 2022
Back to Main