Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-3198
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated malicious users to update status order message via a forged request grant...
Inspireui Mstore Api
4.3
CVSSv3
CVE-2023-3199
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated malicious users to update status order title via a forged request granted t...
Inspireui Mstore Api
4.3
CVSSv3
CVE-2023-3201
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated malicious users to update new order title via a forged request granted they ca...
Inspireui Mstore Api
4.3
CVSSv3
CVE-2023-3202
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated malicious users to update the firebase server key to push notification whe...
Inspireui Mstore Api
8.8
CVSSv3
CVE-2020-14159
By using an Automate API in ConnectWise Automate prior to 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions prior to...
Connectwise Automate Api
9.8
CVSSv3
CVE-2019-25158
A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch ...
Pedroetb Tts-api
7.5
CVSSv3
CVE-2022-47614
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.
Inspireui Mstore Api
5.4
CVSSv3
CVE-2017-1000442
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace
Passbolt Passbolt Api
8.1
CVSSv3
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API up to and including 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for e...
Universis Universis-api
6.5
CVSSv3
CVE-2020-4337
IBM API Connect 2018.4.1.0 up to and including 2018.4.1.12 could allow an malicious user to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.
Ibm Api Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »