EUVD-2022-42529
Malicious code in bioql PyPI...
EUVD-2023-0239
Malicious code in bioql PyPI...
EUVD-2022-2280
Malicious code in bioql PyPI...
EUVD-2022-37719
Malicious code in bioql PyPI...
EUVD-2024-47127
Malicious code in bioql PyPI...
CVE-2025-59686
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...
CVE-2025-56562
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices, requiring only the MAC address...
EUVD-2025-27608
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation...
PT-2025-29925 · Mingyu · Mingyu Security Gateway
Name of the Vulnerable Software and Affected Versions: Mingyu Security Gateway versions prior to 3.0-5.3p Description: The Mingyu Security Gateway is susceptible to a remote command execution (RCE) issue. This occurs due to a flaw in the handling of the log type parameter within the /log/fw...
CVE-2025-53862 Aap: aap-gateway: automation-hub: sensitive information disclosure
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information...
CVE-2025-53532
CVE-2025-53532 affects giscus server-side API, allowing an unauthorized user to create discussions in any repository where giscus is installed. Impact is partial for integrity with no confidentiality/availability impact stated; CVSS v3.1 base score 5.3 (Network attack vector, Low attack complexit...
CVE-2025-5822
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation is confirmed for CVE-2025-5822. The flaw exists in the Autel Technician API implementation and results from incorrect authorization, allowing an attacker who has obtained a low-privilege authorizat...
CVE-2024-0969
The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...
CVE-2023-36829
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
CVE-2022-23858
A flaw was found in the REST API. An improperly handled REST API call could allow any logged-in user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allows remote code execution. A flaw was found in the REST API in StarWind Stack. The REST command that allows changing the hostname does not validate the new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...
SUSE CVE-2025-46815
The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id...
PT-2025-21653 · WordPress · Wordpress Eventin
Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.26 Description: A critical privilege escalation flaw has been discovered in the Eventin WordPress plugin, allowing unauthenticated attackers to gain full admin access without the need for a login. This issue...
CVE-2024-12019
CVE-2024-12019 describes an arbitrary file read flaw in the LogicalDOC document API. An authenticated attacker who has at least read and download privileges on an existing document can exploit the API to read files on the underlying OS, potentially accessing any file within the privileges of the ...