Ratpack up to 1.8.x HTTP Header X-Forwarded-Host request smuggling
A vulnerability has been found in Ratpack up to 1.8.x and classified as problematic. This vulnerability affects some unknown processing
Adobe RoboHelp Server up to 2019.0.9 HTTP POST Request path traversal
A vulnerability was found in Adobe RoboHelp Server up to 2019.0.9. It has been declared as critical. This vulnerability affects
IBM Security Verify up to 10.9.66 HTTP GET Request information disclosure
A vulnerability was found in IBM Security Verify up to 10.9.66. It has been declared as problematic. Affected by this
Squid Web Proxy up to 4.14/5.0.5 HTTP Range Request denial of service
A vulnerability was found in Squid Web Proxy up to 4.14/5.0.5 (Firewall Software). It has been rated as problematic. Affected
What Is an API Request?
Home What Is an API Request? 6.3k Views 6 min. read Learning Center Related Content What Is an API Response?
India Cyber Attack: 85 Million Malicious Requests Blocked by Prophaze
In the wake of recent escalations between India and Pakistan, India’s critical digital infrastructure faced a coordinated and massive cyber
CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY
Description Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to
CVE-2024-28767 : IBM SECURITY DIRECTORY INTEGRATOR UP TO 7.2.0.13/10.0.3 REQUEST OS COMMAND INJECTION
Description IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute
CVE-2021-26102 : FORTINET FORTIWAN UP TO 4.4.1/4.5.7 POST REQUEST AUTHENTICATION BYPASS
Description A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote
CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION
Description An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version
CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL
Description A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute
CVE-2024-49768 : PYLONS WAITRESS UP TO 3.0.0 ON PYTHON HTTP PIPELINING RECV_BYTES TOCTOU
Description Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a
CVE-2024-47575 : FONTINET FORTIMANAGER UP TO 7.6.0 REQUEST MISSING AUTHENTICATION
Description A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0
CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION
Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add
CVE-2024-45410 : TRAEFIK HTTP HEADER X-FORWARDED LESS TRUSTED SOURCE
Description Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers
CVE-2024-5053 : TECHJEWEL CONTACT FORM PLUGIN UP TO 5.1.18 ON WORDPRESS MAILCHIMP API KEY VERIFYREQUEST IMPROPER AUTHORIZATION
Description The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for
CVE-2024-43117 : WPMU DEV HUMMINGBIRD PLUGIN UP TO 3.9.1 ON WORDPRESS CROSS-SITE REQUEST FORGERY
Description Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1. References https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve For
CVE-2024-21690 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER UP TO 8.9.5 CROSS-SITE REQUEST FORGERY
Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,
CVE-2024-43379 : TRUFFLESECURITY TRUFFLEHOG UP TO 3.81.8 ENDPOINT SERVER-SIDE REQUEST FORGERY
Description TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in
CVE-2022-4002 : MOTOROLA Q14 MESH ROUTER PRIOR 1.5.0.16 API REQUEST COMMAND INJECTION
Description A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially
CVE-2024-6922 : AUTOMATION ANYWHERE AUTOMATION 360 UP TO 32 WEB API SERVER-SIDE REQUEST FORGERY
Description Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with
CVE-2024-37260 : THEME-RUBY FOXIZ PLUGIN UP TO 2.3.5 ON WORDPRESS SERVER-SIDE REQUEST FORGERY
Description Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5. References https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve For More
CVE-2024-37769 : 14FINGER 1.1 POST REQUEST PERMISSION
Description Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST
CVE-2024-5672 : RED LION EUROPE MBNET.MINI UP TO 2.2.11 GET REQUEST OS COMMAND INJECTION
Description A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special