Linux Distros Unpatched Vulnerability : CVE-2024-5005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5,...

Linux Distros Unpatched Vulnerability : CVE-2016-7404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL...

CVE-2024-50645

MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

CVE-2025-9074

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation ECI enabled, and with or without th...

CVE-2025-50904

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...

CVE-2024-50644

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

PandoraNext-TokensTool 安全漏洞

PandoraNext-TokensTool is a management software for PandoraNext by Clivia Personal Developer! A security vulnerability exists in PandoraNext-TokensTool version 0.6.8 and earlier, which stems from the ability to bypass authentication to access the API...

Linux Distros Unpatched Vulnerability : CVE-2018-6083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access...

CVE-2025-9074

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation ECI enabled, and with or without th...

CVE-2025-57788

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

Radar 安全漏洞

Radar wind control engine is a lightweight real-time wind control engine by feihu.wang individual developers. A security vulnerability exists in Radar v1.0.8, which stems from improper access control and could lead to unauthorized access to sensitive APIs...

my-site 安全漏洞

my-site is WinterChenS individual developer's personal website based on springboot 2.0 development, integrated with: personal home page, personal blog, personal works. A security vulnerability exists in my-site version 6c79286, which stems from an authentication bypass that could lead to...

CVE-2024-57491

CVE-2024-57491 affects jobx (up to v1.0.1-RELEASE). The vulnerability is an authentication bypass in the preHandle function, allowing access to sensitive APIs without a token. CVSSv3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, user interactio...

CVE-2025-57788 Unauthorized API Access Risk

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

PT-2025-34057

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.44.3 Description A flaw in the container isolation mechanism of Docker Desktop for Windows and macOS allows local Linux containers to gain unauthenticated access to the Docker Engine API via the configured...

jobx 安全漏洞

jobx is an open source make scheduling software from Datavane. A security vulnerability exists in jobx v1.0.1-RELEASE and earlier versions, which stems from an authentication bypass vulnerability in the preHandle function that could lead to unauthorized access to sensitive APIs...

CVE-2024-57491

Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function...

📄 Wazuh Server Remote Code Execution

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...

Privileged OpenBao Operator May Execute Code on the Underlying Host

Impact Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...

GHSA-XP75-R577-CVHP Privileged OpenBao Operator May Execute Code on the Underlying Host

Impact Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...