CVE-2025-46122
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...
CVE-2025-31513
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater...
CVE-2025-20284
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
PT-2025-29855 · Cisco · Cisco Ise +1
Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description: A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on t...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 - F5 BIG-IP iControl REST Authentication Bypass...
CVE-2025-52569
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validate...
CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to...
PT-2025-26847
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine and Cisco ISE-PIC versions 3.3 and later Cisco ISE versions prior to 3.3 Patch 7 Cisco ISE versions prior to 3.4 Patch 2 Description A vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC due to...
CVE-2025-6453
CVE-2025-6453 affects diyhi bbs version 6.8 in the API component, specifically the Add function in ForumManageAction.java. The root cause is improper handling of the dirName argument, enabling path traversal. The vulnerability is exploitable remotely and public exploit details have been disclosed...
CVE-2025-5018
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hsupdateaichatsettings and hivelitesupportgetallbinbox functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated...
CVE-2024-50334
Scoold is a Q&A knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT reques...
CVE-2025-48695
An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user//role/ROLE/ admin access can be achieved...
CVE-2023-3076
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...
CVE-2021-32933
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process...
CVE-2021-45978
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API...
CVE-2020-9450
An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to antiransomwareservice.exe. This can be exploited to add an arbitrary malicious...
PT-2025-22377 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center affected versions not specified Description: The issue is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this by submitting a crafted...
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
CVE-2025-46815 ZITADEL Allows IdP Intent Token Reuse
The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id...
CVE-2025-4355 Tenda DAP-1520 api set_ws_action heap-based overflow
A vulnerability was found in Tenda DAP-1520 1.10B04BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the...