The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server f ...
Continue Reading
May 21, 2022
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user creden ...
Continue Reading
May 20, 2022
The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered ...
Continue Reading
May 20, 2022
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. ...
Continue Reading
May 20, 2022
# Description There are some `api v2` doesn't check permission allow attackers to retrieve/edit information `ticket`,`account`,`group`,`department`,`team`,`ElasticSearch` # Proof of Concept *Get user ...
Continue Reading
May 20, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. ...
Continue Reading
May 19, 2022
XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Mana ...
Continue Reading
May 19, 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attr ...
Continue Reading
May 19, 2022
Back to Main
