487 matches found
CVE-2023-20223
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...
CVE-2022-32290
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...
CVE-2022-35136
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to unlock models without authorization via arbitrary API requests...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...
CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the...
CVE-2012-1472
VMware vCenter Chargeback Manager aka CBM before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors...
CVE-2025-20113
CVE-2025-20113 - Cisco Unified Intelligence Center Privilege Escalation: A vulnerability due to insufficient server-side validation of user-supplied parameters in API/HTTP requests can allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions. ...
CVE-2025-20113 Cisco Unified Intelligence Center Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...
CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
PT-2025-22378 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center (affected versions not specified). Description: The issue is due to insufficient validation of user-supplied parameters in API requests, allowing an authenticated, remote attacker to perform a horizontal privile...
CVE-2025-2527
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
CVE-2025-2527
CVE-2025-2527 affects Mattermost Server versions 10.5.x ≤ 10.5.2 and 9.11.x ≤ 9.11.11, where the server fails to properly verify a user’s permissions when accessing groups, enabling an attacker to view group information via an API request. The issue is documented across multiple feeds (GO-2025-36...
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
CVE-2025-4428 Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
CVE-2025-4428
Ivanti Endpoint Manager Mobile (EPMM) Code Injection vulnerability (CVE-2025-4428). An authenticated attacker can remotely execute arbitrary code via crafted API requests in the API component. Root cause cited as insecure implementation/interpolation involving the Hibernate Validator library, wit...