
800 matches found

CVE · added 2025/03/20 10:10 a.m. · 51 views

CVE-2024-11173

CVE-2024-11173 affects the danny-avila/librechat project (git 600d217). An unhandled exception in API request handling can crash the server, causing a full denial of service. Exploitation requires a valid JWT, but LibreChat’s open registration allows attackers to create accounts and trigger the a...

CVSS 6.5 · AI score 6.3 · EPSS 0.00796
Exploits: 1 · References: 2 · Affected software: 1
Positive Technologies · added 2025/03/20 12:00 a.m. · 3 views

PT-2025-12155 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version v0.2.4
Description: The issue is related to a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view...

CVSS 7.5 · AI score 7.4 · EPSS 0.00703
Exploits: 1 · References: 4
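The SSRF above follows the usual shape: one endpoint fetches an attacker-supplied URL on the server's behalf, another lets the attacker read what was fetched. As an added example (not ComfyUI's code), this is the validation a download endpoint should run before fetching such a URL: scheme and host allow-list, no userinfo, resolve the name once, refuse any non-public address, and pin the connection to the address that was checked. ALLOWED_HOSTS, the resolver signature and the addresses used in testing are assumptions for the example.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Assumption for this example: the download endpoint only ever needs these hosts.
ALLOWED_HOSTS = frozenset({"huggingface.co", "civitai.com"})


def default_resolver(host: str) -> List[str]:
    """Resolve a hostname to every address it currently has (A and AAAA)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    Loopback, RFC 1918, link-local (which covers the 169.254.169.254 cloud
    metadata address), multicast, reserved and unspecified are all rejected.
    """
    addr = ipaddress.ip_address(ip)
    # ::ffff:169.254.169.254 must be judged as the IPv4 address it wraps.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not (addr.is_multicast or addr.is_reserved)


def validate_download_url(
    url: str, resolver: Callable[[str], List[str]] = default_resolver
) -> Tuple[str, str]:
    """Validate an attacker-influenced download URL and pin it to one address.

    Returns (hostname, ip).  The caller must open the TCP connection to `ip`
    while still sending `hostname` as SNI and Host, so a DNS rebinding between
    this check and the fetch cannot redirect it.  Any redirect the server
    returns must be passed through this function again before it is followed.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https:// downloads are allowed")
    if parts.username is not None or parts.password is not None:
        # "https://huggingface.co@evil.example/" fools substring checks on the
        # URL string; refuse userinfo outright instead of reasoning about it.
        raise ValueError("userinfo in URL is not allowed")
    host = parts.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"host {host!r} is not on the allow-list")
    if parts.port not in (None, 443):
        raise ValueError("non-standard port is not allowed")
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        # Either a rebinding attack or a misconfigured allow-listed host;
        # refuse rather than connect to any of the returned addresses.
        raise ValueError(f"{host} resolves to non-public address(es) {bad}")
    return host, addrs[0]
```

The allow-list is the real control; the address check only guards against an allow-listed name being pointed at internal space. A host allow-list alone is not enough when the download endpoint follows redirects, which is why the docstring insists on re-validating each hop.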
Positive Technologies · added 2025/03/20 12:00 a.m. · 6 views

PT-2025-12046

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 versions 3.46.0.4 through 3.46.0.5
Description: A vulnerability in the h2oai/h2o-3 REST API allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The issue exists in the endpoints...

CVSS 9.8 · AI score 9.9 · EPSS 0.01441
Exploits: 1 · References: 8
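h2o-3 is a Java application, so the added example below is not its code; it uses Python's pickle to show the primitive behind "execute arbitrary code via deserialization of untrusted data" and the only defence that works once such an endpoint exists: an allow-list of the types the format may reconstruct. The gadget calls operator.mul rather than os.system so it is harmless, and SAFE_GLOBALS and the payload contents are assumptions. Java's counterpart to the restricted unpickler is the ObjectInputFilter allow-list from JEP 290.

```python
import io
import operator
import pickle
from collections import OrderedDict


class Gadget:
    """Stands in for an attacker-crafted object.

    Unpickling it calls whatever callable __reduce__ names, with whatever
    arguments it names.  operator.mul is used here instead of os.system so
    the example is harmless; the mechanism is exactly the same.
    """

    def __reduce__(self):
        return (operator.mul, (6, 7))


def build_malicious_payload() -> bytes:
    """Bytes an attacker would submit to an endpoint that deserialises them."""
    return pickle.dumps(Gadget())


def build_benign_payload() -> bytes:
    """Constructed example of the data the endpoint is actually meant to accept."""
    return pickle.dumps(OrderedDict(model="gbm", trees=[1, 2, 3]))


def unsafe_loads(data: bytes):
    """The vulnerable pattern: deserialise whatever the client sent."""
    return pickle.loads(data)


# The only (module, name) pairs that untrusted bytes may reference.
SAFE_GLOBALS = frozenset({("collections", "OrderedDict")})


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global outside SAFE_GLOBALS, which is what
    stops a payload from naming os.system, subprocess.Popen or, here,
    operator.mul."""

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()
```

The allow-list stops the gadget, but it does not make the endpoint safe for anonymous callers: the advisory's "unauthenticated" is the first thing to fix, and a data format that cannot name classes at all (JSON, protobuf) is the durable answer.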
Positive Technologies · added 2025/03/20 12:00 a.m. · 3 views

PT-2025-12042 · Comfyanonymous · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui versions up to v0.2.2
Description: A CSRF issue exists, allowing attackers to host malicious websites that can perform arbitrary API requests on behalf of authenticated users when visited. This can be exploited to uploa...

CVSS 6.5 · AI score 6.4 · EPSS 0.00208
Exploits: 1 · References: 4
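A local web UI whose API accepts any browser-originated request is exactly what the CSRF entry above describes. As an added example (not ComfyUI's code), here is an origin check for state-changing requests that uses the headers browsers set and scripts cannot forge, in order of reliability: Origin, then Referer, then Sec-Fetch-Site, and fails closed when none is present. ALLOWED_ORIGINS is an assumption based on the usual local bind of such a UI.

```python
from typing import Mapping, Set
from urllib.parse import urlsplit

# Assumption: the UI is served from these origins and nowhere else.
ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:8188", "http://localhost:8188"})

# A cross-site page can trigger these without any script (img, link, form GET),
# so they must never change state; the check below lets them through.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def origin_of(url: str) -> str:
    """scheme://host[:port], lower-cased, as browsers put it in Origin."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def is_request_same_site(method: str, headers: Mapping[str, str],
                         allowed_origins: Set[str] = ALLOWED_ORIGINS) -> bool:
    """Decide whether a state-changing request was sent by a page we serve.

    Browsers attach Origin to POST/PUT/DELETE and page script cannot alter it.
    Referer is the fallback for clients that strip Origin; Sec-Fetch-Site is
    the last resort when both are absent.  With no evidence at all the request
    is refused: a non-browser client must send Origin explicitly.
    """
    if method.upper() in SAFE_METHODS:
        return True
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is None and "referer" in h:
        origin = origin_of(h["referer"])
    if origin is not None:
        # "null" is the opaque origin of sandboxed iframes, data: URLs and some
        # cross-site redirects; it never identifies our own UI, so it fails here.
        return origin.lower() in allowed_origins
    return h.get("sec-fetch-site") in ("same-origin", "none")
```

The check is only as good as the SAFE_METHODS assumption: an upload or queue endpoint reachable by GET stays forgeable no matter what this function returns, and that is the first thing to audit in an API like the one described.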
Positive Technologies · added 2025/03/20 12:00 a.m. · 7 views

PT-2025-12276 · Zenml · Zenml

Name of the Vulnerable Software and Affected Versions: zenml version 0.66.0
Description: A Denial of Service (DoS) vulnerability allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipar...

CVSS 7.5 · AI score 7.4 · EPSS 0.00896
Exploits: 1 · References: 10
Cvelist · added 2025/03/18 12:00 a.m. · 12 views

CVE-2025-30141

An issue was discovered on G-Net Dashcam BB GONX devices. One can remotely dump video footage and the live video stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all...

EPSS 0.0033
Exploits: 0 · References: 2
Vulnrichment · added 2025/03/18 12:00 a.m. · 6 views

CVE-2025-30141

An issue was discovered on G-Net Dashcam BB GONX devices. One can remotely dump video footage and the live video stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all...

AI score 7 · EPSS 0.0033
Exploits: 0 · References: 2
Vulnrichment · added 2025/03/18 12:00 a.m. · 6 views

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in the APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

AI score 7.5 · EPSS 0.00436
Exploits: 0 · References: 2
Positive Technologies · added 2025/03/18 12:00 a.m. · 4 views

PT-2025-11644 · G Net · G-Net Dashcam Bb Gonx

Name of the Vulnerable Software and Affected Versions: G-Net Dashcam BB GONX devices (affected versions not specified)
Description: The issue allows remote access to recorded and live video feeds on the G-Net Dashcam BB GONX devices. It exposes API endpoints on ports 9091 and 9092, enabling an...

CVSS 7.5 · AI score 6.2 · EPSS 0.0033
Exploits: 0 · References: 7
CVE · added 2025/03/18 12:00 a.m. · 72 views

CVE-2025-30141

The CVE-2025-30141 issue affects G-Net Dashcam BB GONX devices. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds, enabling an attacker on the same network to retrieve stored recordings and pull live streams (RTSP on 9092). Some sources indi...

CVSS 7.5 · AI score 6.5 · EPSS 0.0033
Exploits: 0 · References: 2 · Affected software: 1
Hacker One · added 2025/03/17 9:52 p.m. · 19 views

AWS VDP: Non-Production API Endpoints for the Health Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The AWS Health service was found to have 11 non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could test the capabilities of compromised credentials without generatin...

AI score 7
Exploits: 0
RedhatCVE · added 2025/03/15 11:22 a.m. · 8 views

CVE-2025-29997

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the API request URL to gain unauthorized access to other user accounts...

CVSS 8.2 · AI score 7.2 · EPSS 0.00337
Exploits: 0 · References: 1
NVD · added 2025/03/13 12:15 p.m. · 14 views

CVE-2025-29997

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the API request URL to gain unauthorized access to other user accounts...

CVSS 8.2 · EPSS 0.00337
Exploits: 0 · References: 1
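"Manipulating the API request URL to gain access to other user accounts" is the classic missing object-level authorization check: the endpoint verifies that the caller is logged in, then loads whatever id the URL names. The added example below (generic Python, not the CAP application's code) puts the vulnerable handler beside the fixed one. The account records, the Principal shape and the support_admin role are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Principal:
    """Who the session belongs to, as established by authentication."""
    user_id: str
    roles: FrozenSet[str] = frozenset()


class NotFound(Exception):
    pass


# Constructed data store: account id -> record, keyed the way the URL exposes it.
ACCOUNTS = {
    "1001": {"owner": "alice", "email": "alice@example.com", "balance": 120},
    "1002": {"owner": "bob", "email": "bob@example.com", "balance": 75},
}

# Assumption: a back-office role that legitimately needs cross-account access.
SUPPORT_ROLE = "support_admin"


def get_account_vulnerable(principal: Principal, account_id: str) -> dict:
    """Authentication only.  Any logged-in user reads any account by editing
    the id in the URL (horizontal privilege escalation); `principal` is never
    consulted."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        raise NotFound(account_id)
    return acct


def get_account(principal: Principal, account_id: str) -> dict:
    """Authentication plus object-level authorization."""
    acct = ACCOUNTS.get(account_id)
    # One exception for "does not exist" and "not yours": a different status
    # code for each would let an attacker enumerate which ids exist.
    if acct is None or not (acct["owner"] == principal.user_id
                            or SUPPORT_ROLE in principal.roles):
        raise NotFound(account_id)
    return acct
```

The same ownership test belongs on every write path that takes an id (update, delete, password change), which is why it is usually factored into a loader that every handler calls rather than repeated per route.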
CVE · added 2025/03/13 11:16 a.m. · 72 views

CVE-2025-29995

The CVE-2025-29995 entry refers to a vulnerability in the CAP back office application caused by a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit the vulnerable API endpoint to achieve account takeover of targeted us...

CVSS 8.3 · AI score 6.3 · EPSS 0.00337
Exploits: 0 · References: 1
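A reset flow that can be driven by a login ID alone is takeover by design. The added example below (generic Python, not the CAP application's code) shows that weak shape next to a two-step flow: an unguessable token bound to one user, stored only as a hash, expiring, and consumed on first use. The user store, the 15-minute lifetime and the clock injection are assumptions for the example; password hashing is left out because the flaw is upstream of it.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed user store: login id -> stored password (hashing omitted here).
USERS: Dict[str, str] = {"alice": "<hash>", "bob": "<hash>"}

TOKEN_TTL_SECONDS = 15 * 60  # assumption


def reset_password_weak(login_id: str, new_password: str) -> bool:
    """The weak pattern: the endpoint trusts the login id alone, so anyone with
    a session and a victim's login id sets the victim's password."""
    if login_id not in USERS:
        return False
    USERS[login_id] = new_password
    return True


class ResetTokenStore:
    """Step 1 issues a token bound to one user; step 2 redeems it once, before
    expiry, for that user only.  Only sha256(token) is stored, so a leaked
    table cannot be replayed against accounts."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._pending: Dict[str, Tuple[str, float]] = {}  # digest -> (login_id, expiry)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, login_id: str) -> Optional[str]:
        """Returns the token to deliver out of band, or None for an unknown user.
        The HTTP response to the caller must look identical either way."""
        if login_id not in USERS:
            return None
        # A new request invalidates any token still pending for this user.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != login_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (login_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token: str, login_id: str, new_password: str) -> bool:
        # Popped before any check: one attempt consumes the token whatever happens next.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return False
        bound_login, expiry = entry
        if self._now() > expiry:
            return False
        if not hmac.compare_digest(bound_login.encode(), login_id.encode()):
            return False  # issued for someone else
        USERS[login_id] = new_password
        return True
```

Looking the digest up in a dictionary is not constant-time, but the lookup key is the hash of a 256-bit random token, so the timing tells a guesser nothing usable; the constant-time comparison is reserved for the login binding.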
CNVD · added 2025/03/13 12:00 a.m. · 10 views

NocoDB Cross-Site Scripting Vulnerability (CNVD-2025-05387)

NocoDB is an open source Airtable alternative. Convert any MySQL, PostgreSQL, SQL Server, SQLite and MariaDB to a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...

CVSS 6.1 · AI score 6.8 · EPSS 0.00683
Exploits: 1 · References: 1
Positive Technologies · added 2025/03/09 12:00 a.m. · 6 views

PT-2025-11679 · Openresty +1 · Lua-Nginx-Module +2

Name of the Vulnerable Software and Affected Versions: OpenResty/lua-nginx-module (affected versions not specified)
Description: The issue concerns HTTP request smuggling in HEAD requests. When handling HTTP/1.1 requests, the lua-nginx-module incorrectly parses HEAD requests with a body, treating t...

CVSS 7.7 · AI score 5.3 · EPSS 0.01313
Exploits: 1 · References: 31
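The description above is cut off before it says which side of the parse goes wrong, so the added example models the class rather than lua-nginx-module's code: per RFC 9112 §6 the message-body framing rules apply to a request regardless of method, so a HEAD with Content-Length carries a body; a hop that assumes HEAD never has one will read those bytes as the next request, and the two hops disagree about where requests begin. The parser, the attacker stream and the edge-side rejection below are all constructed for the example.

```python
from typing import List, Tuple

Request = Tuple[str, str, bytes]  # (method, target, body)


def parse_requests(stream: bytes, honour_head_body: bool) -> List[Request]:
    """Split pipelined HTTP/1.1 requests out of one connection's byte stream.

    honour_head_body=True : Content-Length frames the body of every request,
                            HEAD included (the RFC 9112 behaviour).
    honour_head_body=False: a HEAD request is assumed to have no body, so its
                            Content-Length bytes are parsed as the next request.
    Only Content-Length framing is modelled; Transfer-Encoding is out of scope.
    """
    requests: List[Request] = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            break  # incomplete request: wait for more bytes
        head = stream[pos:end].decode("latin-1")
        request_line, *header_lines = head.split("\r\n")
        method, target, _version = request_line.split(" ", 2)
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        if method == "HEAD" and not honour_head_body:
            length = 0
        body_start = end + 4
        requests.append((method, target, stream[body_start:body_start + length]))
        pos = body_start + length
    return requests


# Constructed attacker stream: one HEAD whose body is a complete second request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: victim\r\n\r\n"
ATTACK_STREAM = (
    b"HEAD /index.html HTTP/1.1\r\nHost: victim\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(SMUGGLED)
    + SMUGGLED
)


def is_desynchronised(stream: bytes) -> bool:
    """True when a hop that honours Content-Length on HEAD and one that ignores
    it would split the same bytes into a different number of requests."""
    return len(parse_requests(stream, True)) != len(parse_requests(stream, False))


def reject_head_with_body(stream: bytes) -> bool:
    """Edge-side mitigation: refuse any HEAD that carries a body, so no hop
    behind the edge ever has to decide what the bytes after it mean."""
    for method, _target, body in parse_requests(stream, True):
        if method == "HEAD" and body:
            return True
    return False
```

In a real deployment the smuggled GET /admin would be answered on the victim's connection with whatever credentials the next legitimate request carried, or would poison a shared back-end connection; the harmless part to reproduce is only the disagreement in request count that the two parses show.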
Hacker One · added 2025/03/04 5:14 p.m. · 1321 views

AWS VDP: Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Forecast service in Amazon Web Services (AWS) has four non-production API endpoints that can be accessed using standard IAM credentials, but do not log any activity to CloudTrail. This allows for silent permission enumeration, where an adversary can test the capabilities of compromised...

AI score 7
Exploits: 0
Positive Technologies · added 2025/02/28 12:00 a.m. · 6 views

PT-2025-9048 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5
Description: The issue allows an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter, enabling local file inclusion.
Recommendations: For...

CVSS 6.5 · AI score 6.2 · EPSS 0.00712
Exploits: 0 · References: 6
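A parameter such as deficon that names a file under a fixed directory is traversable whenever the code joins it onto the base path and opens the result. The added example below (generic Python, not IBM's code) shows that join beside a containment check that resolves the candidate and refuses anything outside the root. The /srv/icons root and the file names are assumptions for the example.

```python
import os
from pathlib import Path


class PathOutsideRoot(ValueError):
    pass


def icon_path_vulnerable(root: str, deficon: str) -> str:
    """The vulnerable pattern: join the parameter onto the base directory and
    open the result.  '..' segments and absolute paths both leave root."""
    return os.path.normpath(os.path.join(root, deficon))


def icon_path(root: str, deficon: str) -> Path:
    """Resolve the parameter under root and refuse anything that ends up outside."""
    if "\x00" in deficon:
        raise PathOutsideRoot("NUL byte in path")
    base = Path(root).resolve()
    # Path.resolve() collapses '.', '..' and symlinks.  Joining an absolute
    # `deficon` discards `base` entirely, which is why the containment check
    # runs on the resolved result rather than on the input string.
    candidate = (base / deficon).resolve()
    if candidate == base or not candidate.is_relative_to(base):
        raise PathOutsideRoot(f"{deficon!r} escapes {root}")
    return candidate
```

Two caveats a practitioner should check in the surrounding code: the parameter must be URL-decoded exactly once before this function (decoding again turns %252e%252e into a traversal), and on Windows a backslash is a separator too, which Path handles but a hand-written split on "/" does not.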
RedhatCVE · added 2025/02/26 7:23 p.m. · 17 views

CVE-2025-27112

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

CVSS 6.9 · AI score 7.1 · EPSS 0.00936
Exploits: 1 · References: 1
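An authentication check that succeeds for a username that does not exist is a fail-open bug: the lookup for an unknown user yields an empty value instead of a refusal, and the rest of the check operates on that empty value. The added example below is an illustration of that shape, not Navidrome's code, and the exact mechanism in Navidrome is not described by this listing. It uses the Subsonic API's public token scheme (t = md5(password + s), s a client-chosen salt) because that is the API family named above; the user store is constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed user store.  The Subsonic token scheme obliges the server to keep
# the cleartext password, a long-known weakness of that API; it is kept here
# only because the check cannot be computed without it.
USERS: Dict[str, str] = {"alice": "correct horse battery staple"}


def subsonic_token(password: str, salt: str) -> str:
    return hashlib.md5((password + salt).encode()).hexdigest()


def authenticate_fail_open(u: str, t: str, s: str) -> bool:
    """Hypothetical fail-open check: an unknown user is mapped to an empty
    password instead of a refusal, so anyone can log in as a non-existent
    name by sending t = md5("" + s)."""
    password = USERS.get(u, "")
    return hmac.compare_digest(subsonic_token(password, s), t)


def authenticate(u: str, t: str, s: str) -> bool:
    """Fail closed: the user must exist before a token comparison means anything."""
    password: Optional[str] = USERS.get(u)
    if password is None:
        # Spend the same work on the unknown-user path so account existence
        # does not leak through response timing, then refuse.
        hmac.compare_digest(subsonic_token(secrets.token_hex(16), s), t)
        return False
    return hmac.compare_digest(subsonic_token(password, s), t)


def client_params(username: str, password: str) -> Dict[str, str]:
    """What a Subsonic client sends: username, a fresh salt, the derived token."""
    salt = secrets.token_hex(6)
    return {"u": username, "t": subsonic_token(password, salt), "s": salt}
```

The general check to apply when reviewing any login path: trace what the code does on the "no such user" branch, and make sure it is a return, not a default value that flows into the comparison.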
Hacker One · added 2025/02/24 2:52 p.m. · 1440 views

AWS VDP: Non-Production API Endpoints for the DocumentDB Elastic Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The DocumentDB Elastic service was found to have three non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials...

AI score 7
Exploits: 0
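The three AWS VDP entries on this page (Health, Forecast, DocumentDB Elastic) all turn on the same point: the usual detection for permission enumeration is a burst of denied calls across many APIs from one principal in CloudTrail, and an endpoint that does not log defeats it. The added example below is that detection written over constructed CloudTrail-style records, not AWS's code or the reporters' tooling; the field names are the real CloudTrail ones, the events, ARNs and thresholds are made up. Run against the calls the findings describe it would return nothing, because those calls never become records, which is the finding.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed CloudTrail-style records (JSON Lines), trimmed to the fields used.
# One principal probes eight APIs within a minute and is denied each time; a
# second principal has a single ordinary denial.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"eventTime": "2025-03-17T21:50:%02dZ" % (i * 7), "eventSource": src, "eventName": name,
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/stolen"},
     "sourceIPAddress": "198.51.100.7"}
    for i, (src, name) in enumerate([
        ("health.amazonaws.com", "DescribeEvents"),
        ("forecast.amazonaws.com", "ListDatasets"),
        ("docdb-elastic.amazonaws.com", "ListClusters"),
        ("iam.amazonaws.com", "ListUsers"),
        ("s3.amazonaws.com", "ListBuckets"),
        ("ec2.amazonaws.com", "DescribeInstances"),
        ("secretsmanager.amazonaws.com", "ListSecrets"),
        ("lambda.amazonaws.com", "ListFunctions"),
    ])
] + [
    {"eventTime": "2025-03-17T21:51:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
     "sourceIPAddress": "203.0.113.9"},
])

# Denial codes as CloudTrail records them; EC2 uses its own spelling.
DENIAL_CODES = frozenset({"AccessDenied", "Client.UnauthorizedOperation", "UnauthorizedOperation"})


def parse_records(jsonl: str) -> List[dict]:
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def event_time(rec: dict) -> datetime:
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def enumeration_alerts(records: List[dict], window: timedelta = timedelta(minutes=5),
                       min_distinct_apis: int = 5) -> Dict[str, List[str]]:
    """Map principal ARN -> sorted 'eventSource:eventName' list for every
    principal denied on at least min_distinct_apis different APIs inside one
    sliding window.  Successful probes are deliberately not counted: a denial
    is the signal that the caller did not know what the credential could do."""
    denied = defaultdict(list)
    for rec in records:
        if rec.get("errorCode") in DENIAL_CODES:
            denied[rec["userIdentity"]["arn"]].append(rec)
    alerts: Dict[str, List[str]] = {}
    for arn, recs in denied.items():
        recs.sort(key=event_time)
        for i, anchor in enumerate(recs):
            in_window = [r for r in recs[i:] if event_time(r) - event_time(anchor) <= window]
            apis = sorted({f'{r["eventSource"]}:{r["eventName"]}' for r in in_window})
            if len(apis) >= min_distinct_apis:
                alerts[arn] = apis
                break
    return alerts
```

Because a detective control cannot see what is never logged, the complement for the findings above is preventive: scope compromised-credential blast radius with SCPs and session policies, and rotate on any other indicator rather than waiting for CloudTrail to show the enumeration.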