GHSA-8V65-47JX-7MFR Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability

Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...

Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability

Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...

EUVD-2022-1070

Malicious code in bioql PyPI...

EUVD-2025-16735

Malicious code in bioql PyPI...

CVE-2025-7001

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resourcegroup information through the API which should have been unavailable...

Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.4.5 security and bug fix update

OpenShift API for Data Protection OADP 1.4.5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

ConnectWise PSA 安全漏洞

ConnectWise PSA is a specialized service automation software from ConnectWise USA. A security vulnerability exists in ConnectWise PSA versions prior to 2025.9 that stems from the API returning too much user information, which could lead to an authenticated user obtaining an encrypted password has...

Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.7 security and bug fix update

OpenShift API for Data Protection OADP 1.3.7 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVE-2025-25020

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input...

CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

Moodle 4.5.x < 4.5.3 Unauthenticated REST API Data Exposure

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.17 or 4.3.x prior to 4.3.11 or 4.4.x prior to 4.4.7 or 4.5.x prior to 4.5.3. It is, therefore, affected by a data exposure through the REST API. Note that the scanner has not tested for these issu...

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVE-2025-0589

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...

CVE-2025-0589

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...

XVIDEOS: API Data Leakage Vulnerability Report - `xvcams.com`

HackerOne API Data Leakage Vulnerability Report - xvcams.com --- Summary: A sensitive data exposure vulnerability was discovered in the API endpoints of xvcams.com. These API responses leak personally identifiable information PII of models, including birthdates, locations, eye color, phone...

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

Cross-site Scripting (XSS)

github.com/alexxit/go2rtc is vulnerable to DOM-based cross-site scripting XSS. The vulnerability is due to the lack of input sanitization when appending API data using innerHTML in the index page index.html, allowing an attacker to execute malicious scripts in the context of the go2rtc instance's...

PT-2024-28331 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms via the "/admin/vpsApiData deal.php" endpoint, specifically when the mudi and nohrefStr parameters are set to 'rev' and 'close', respectively...

PT-2024-28332 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the component /admin/vpsApiData deal.php. The mudi parameter is involved, specifically when set to del. This allows for unauthorized actions to be...