266 matches found
CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
CVE-2025-13160
IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network...
SUSE CVE-2025-62714
Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...
GO-2025-4061 Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server
Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2025-54548 On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...
CVE-2025-34293
GN4 Publishing System before 2.6 is affected by an insecure direct object reference (IDOR) via the API. Authenticated requests to object endpoints allow an authenticated user to query arbitrary user IDs and retrieve sensitive data, including stored passwords and the account’s security question/an...
PT-2025-43674
Name of the Vulnerable Software and Affected Versions GN4 Publishing System versions prior to 2.6 Description GN4 Publishing System contains an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API’s object endpoints allow an authenticated user to...
CVE-2025-61907
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...
CVE-2025-40676 Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC
Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
EUVD-2021-26244
Malware in sbrugna...
EUVD-2014-0263
Malware in sbrugna...
EUVD-2020-18350
Malware in sbrugna...
EUVD-2018-17038
Malware in sbrugna...
EUVD-2013-4207
Malware in sbrugna...
EUVD-2021-19515
Malware in sbrugna...
EUVD-2022-38837
Malicious code in bioql PyPI...
EUVD-2023-56164
Malicious code in bioql PyPI...
EUVD-2024-43136
Malicious code in bioql PyPI...
EUVD-2025-28981
Malicious code in bioql PyPI...
EUVD-2022-7155
Malicious code in bioql PyPI...