39 matches found
CVE-2026-46391
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...
GO-2026-4531 New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api
New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api...
EUVD-2025-38443
Malicious code in telstraprogrammablenetworkapilib npm...
EUVD-2010-1350
Malware in sbrugna...
Malicious code in thescene-api-library (npm)
The package thescene-api-library was found to contain malicious code...
MAL-2025-36799 Malicious code in thescene-api-library (npm)
The package thescene-api-library was found to contain malicious code...
gh security vulnerability
gh is a GitHub API library open-sourced by R infrastructure. A security vulnerability exists in gh versions prior to 1.5.0, which stems from the inclusion of the Authorization header in an HTTP response, which could lead to information disclosure...
CVE-2025-48391
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API...
Malicious code in dex-api-library (npm)
Source: ghsa-malware 6cebe6e3901a157f586d6d5418f0a6995bf4d085c63acd7730784b55b744e65a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...
CVE-2024-43574
Microsoft Speech Application Programming Interface SAPI Remote Code Execution Vulnerability...
Malicious code in adyen_ruby-api-library (RubyGems)
MAL-2024-6524 Malicious code in adyen_ruby-api-library (RubyGems)
ALSA-2023:7166 Low: tpm2-tss security and enhancement update
The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module (TPM) 2.0 System API library. This library enables programs to interact with TPM 2.0 devices. Security Fixes: tpm2-tss: Buffer Overflow in Tss2_RC_Decode (CVE-2023-22745). For more details about the security issues,...
Low: tpm2-tss security and enhancement update
The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module (TPM) 2.0 System API library. This library enables programs to interact with TPM 2.0 devices. Security Fixes: tpm2-tss: Buffer Overflow in Tss2_RC_Decode (CVE-2023-22745). For more details about the security issues,...
CVE-2022-40258
AMI Megarac Weak password hashes for Redfish & API...
CVE-2022-31580
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
SpoolFool
This is a code analysis of the AddUser repository. Classification: Exploit module/toolkit targeting Windows systems. Primary CVE ID: Not explicitly stated, but the code appears to be related to the exploitation of a vulnerability in the Windows NetAPI32 library. Target product/service: Windows...
Security Bulletin: OpenSource MIT Kerberos Vulnerabilities affect IBM Security Access Manager for Web (CVE-2015-2695, CVE-2015-2696)
Summary IBM Security Access Manager for Web is affected by MIT Kerberos vulnerabilities. Vulnerability Details CVEID: CVE-2015-2695 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gssinquireconte...
Debian: Security Advisory (DLA-940-1)
The remote host is missing an update for the Debian...