28 matches found

EUVD • added 2025/10/07 12:30 a.m. • 2 views

EUVD-2005-2632

Malware in sbrugna...

CVSS 7.5 • AI score 6.4 • EPSS 0.00363
Exploits 0 • References 5

EUVD • added 2025/10/07 12:30 a.m. • 1 views

EUVD-2014-0231

Malware in sbrugna...

CVSS 1.9 • AI score 7.8 • EPSS 0.00106
Exploits 0 • References 17

EUVD • added 2025/10/03 8:7 p.m. • 1 views

EUVD-2023-58372

Malicious code in bioql PyPI...

CVSS 7.5 • AI score 7.6 • EPSS 0.00155
Exploits 0 • References 2

EUVD • added 2025/10/03 8:7 p.m. • 2 views

EUVD-2022-3709

Malicious code in bioql PyPI...

CVSS 7.5 • AI score 7.6 • EPSS 0.01232
Exploits 0 • References 6

EUVD • added 2025/10/03 8:7 p.m. • 1 views

EUVD-2024-0930

Malicious code in bioql PyPI...

CVSS 9.1 • AI score 7.3 • EPSS 0.00111
Exploits 0 • References 4

EUVD • added 2025/10/03 8:7 p.m. • 1 views

EUVD-2022-29591

Malicious code in bioql PyPI...

CVSS 7.5 • AI score 7.5 • EPSS 0.01506
Exploits 0 • References 7

EUVD • added 2025/10/03 8:7 p.m. • 2 views

EUVD-2023-58438

Malicious code in bioql PyPI...

CVSS 5.3 • AI score 5.7 • EPSS 0.00095
Exploits 0 • References 2

CVE • added 2025/05/27 12:0 a.m. • 268 views

CVE-2025-48827

CVE-2025-48827 affects vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3. The issue is an authentication bypass that allows unauthenticated attackers on PHP 8.1+ to invoke protected API controller methods remotely (e.g., via /api.php?method=protectedMethod), with confirmed exploitation in the wild and potent...

CVSS 10 • AI score 9.6 • EPSS 0.77631
Exploits 4 • References 3 • Affected Software 1

VulnCheck KEV • added 2025/05/26 12:0 a.m. • 1 views

VulnCheck KEV: CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVSS 10 • AI score 7.3 • EPSS 0.77631
Exploits 4 • References 1

RedhatCVE • added 2025/02/05 3:54 a.m. • 6 views

CVE-2024-27101

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

CVSS 9.1 • AI score 7.1 • EPSS 0.00111
Exploits 0 • References 1

CVE • added 2025/01/06 3:38 p.m. • 97 views

CVE-2025-21611

CVE-2025-21611 affects tgstation-server (BYOND server management). Before version 6.12.3, the authorization check for API methods used OR between the user-enabled status and the role, instead of AND. This error allowed enabled users to access most authorized actions regardless of their permission...

CVSS 8.8 • AI score 8.6 • EPSS 0.00407
Exploits 0 • References 3 • Affected Software 1

Vulnrichment • added 2025/01/06 3:38 p.m. • 20 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

CVSS 8.8 • AI score 8.7 • EPSS 0.00407
Exploits 0 • References 3

Cvelist • added 2025/01/06 3:38 p.m. • 19 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

CVSS 8.8 • EPSS 0.00407
Exploits 0 • References 3

Positive Technologies • added 2024/03/25 12:0 a.m. • 5 views

PT-2024-5774 · Trueconf · Trueconf Server

Name of the Vulnerable Software and Affected Versions: TrueConf Server (affected versions not specified). Description: The issue is related to insufficient protection of service data in TrueConf Server, which can be exploited by a remote attacker to gather user system information through API methods...

CVSS 5 • AI score 7
Exploits 0 • References 2

Github Security Blog • added 2024/03/01 11:32 p.m. • 26 views

Integer overflow in chunking helper causes dispatching to miss elements or panic

Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The issue may also lead to a panic rendering the server unavailable. The following API methods are affected: - CheckPermission -...

CVSS 9.1 • AI score 7 • EPSS 0.00111
Exploits 0 • References 4 • Affected Software 1

Prion • added 2024/03/01 9:15 p.m. • 16 views

Integer overflow

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

CVSS 3.2 • AI score 7.5 • EPSS 0.00111
Exploits 0 • References 2

OSV • added 2024/03/01 9:1 p.m. • 20 views

CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

CVSS 7.3 • AI score 7.3 • EPSS 0.00111
Exploits 0 • References 4

Prion • added 2023/11/22 10:15 a.m. • 14 views

Design/Logic Flaw

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS 5 • AI score 7.2 • EPSS 0.00095
Exploits 0 • References 1 • Affected Software 1

CVE • added 2023/11/22 9:56 a.m. • 74 views

CVE-2023-6189

The CVE-2023-6189 entry concerns the M-Files server prior to version 23.11.13156.0, where a lack of proper access permissions checks allows an attacker to perform data write and export operations via the M-Files API. Affected component: M-Files server; root cause: missing access control on API me...

CVSS 5.3 • AI score 4.9 • EPSS 0.00095
Exploits 0 • References 3 • Affected Software 1

Cvelist • added 2023/11/22 9:56 a.m. • 19 views

CVE-2023-6189 Improper Permission Handling in M-Files Server

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS 4.3 • AI score 5.6 • EPSS 0.00095
Exploits 0 • References 2