487 matches found

Vulnrichment
added 2025/03/20 10:09 a.m., 5 views

CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

CVSS 6.5 | AI score 6.5 | EPSS 0.00208
Exploits: 1 | References: 1
OSV
added 2025/03/11 3:15 p.m., 1 view

CVE-2023-40723

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2...

CVSS 8.1 | AI score 5.9 | EPSS 0.00335
Exploits: 0 | References: 1
CVE
added 2025/03/11 2:54 p.m., 78 views

CVE-2023-40723

Fortinet FortiSIEM is affected by CVE-2023-40723 across multiple releases: 5.1.0–5.1.3, 5.2.1–5.2.2, 5.2.5–5.2.8, 5.3.0–5.3.3, 5.4.0, 6.1.0–6.1.2, 6.2.0–6.2.1, 6.3.0–6.3.3, 6.4.0–6.4.2, 6.5.0–6.5.1, 6.6.0–6.6.3, 6.7.0–6.7.4. The issue allows an attacker to disclose sensitive information and execu...

CVSS 8.1 | AI score 7.2 | EPSS 0.00335
Exploits: 0 | References: 1 | Affected software: 1
VulnCheck KEV
added 2025/02/25 12:00 a.m., 3 views

VulnCheck KEV: CVE-2024-23109

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 7.4 | EPSS 0.03224
Exploits: 0 | References: 1
NVD
added 2025/02/24 7:15 p.m., 11 views

CVE-2025-27364

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...

CVSS 10 | EPSS 0.23813
Exploits: 2 | References: 6
CNVD
added 2025/02/18 12:00 a.m., 6 views

F5 BIG-IP Next Central Manager Input Validation Error Vulnerability

F5 BIG-IP Next Central Manager is a centralized console from F5 USA. An input validation error vulnerability exists in F5 BIG-IP Next Central Manager, which stems from mishandling of API requests, and can be exploited by an attacker to cause termination of the Kubernetes service via an undisclose...

CVSS 7.5 | AI score 6.6 | EPSS 0.0036
Exploits: 0 | References: 1
CVE
added 2025/02/17 11:57 p.m., 88 views

CVE-2025-20075

CVE-2025-20075 describes a Server-Side Request Forgery (SSRF) in FileMegane by JIP InfoBridge. Affected versions are above 3.0.0.0 and below 3.4.0.0; the issue allows executing arbitrary backend Web API requests, with potential for rebooting services. Root cause is SSRF in FileMegane’s handling o...

CVSS 7.2 | AI score 7 | EPSS 0.00327
Exploits: 0 | References: 2
Vulnrichment
added 2025/02/17 11:57 p.m., 8 views

CVE-2025-20075

Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services...

CVSS 7.2 | AI score 7 | EPSS 0.00327
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/14 2:50 a.m., 13 views

CVE-2024-37018

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets...

CVSS 9.1 | AI score 6.9 | EPSS 0.00433
Exploits: 0 | References: 1
F5 Networks
added 2025/02/05 2:07 p.m., 11 views

K000148412: BIG-IP Next Central Manager vulnerability CVE-2025-24319

Security Advisory Description When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. CVE-2025-24319 Impact This vulnerability may allow a low-privileged, authenticat...

CVSS 7.1 | AI score 6 | EPSS 0.0036
Exploits: 0 | Affected software: 1
RedhatCVE
added 2025/02/05 5:51 a.m., 5 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 | AI score 7.1 | EPSS 0.00401
Exploits: 0
CNNVD
added 2025/02/05 12:00 a.m., 3 views

F5 BIG-IP Next Central Manager Input Validation Error Vulnerability

F5 BIG-IP Next Central Manager is a centralized console from F5 USA. An input validation error vulnerability exists in F5 BIG-IP Next Central Manager, which stems from mishandling of API requests, and can be exploited by an attacker to cause termination of the Kubernetes service via an undisclose...

CVSS 7.5 | AI score 6.7 | EPSS 0.0036
Exploits: 0 | References: 2
OSV
added 2025/01/10 7:11 p.m., 16 views

BIT-GITLAB-2025-0194 Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

CVSS 6.5 | AI score 6.1 | EPSS 0.0047
Exploits: 1 | References: 3
NVD
added 2025/01/08 8:15 p.m., 15 views

CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

CVSS 6.5 | EPSS 0.0047
Exploits: 1 | References: 2
CVE
added 2025/01/08 8:02 p.m., 357 views

CVE-2025-0194

CVE-2025-0194 (GitLab CE/EE) affects GitLab releases with logged access tokens during API requests under certain conditions. Affected versions are: 17.4 up to but not including 17.5.5; 17.6 up to 17.6.3; and 17.7 up to 17.7.1. The issue is mitigated by upgrading to the patched releases: 17.5.5 or...

CVSS 6.5 | AI score 6.3 | EPSS 0.0047
Exploits: 1 | References: 2 | Affected software: 1
Vulnrichment
added 2025/01/08 8:02 p.m., 17 views

CVE-2025-0194 Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

CVSS 6.5 | AI score 6.3 | EPSS 0.0047
Exploits: 1 | References: 2
OSV
added 2025/01/08 8:02 p.m., 3 views

CVE-2025-0194 Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

CVSS 6.5 | AI score 6.4 | EPSS 0.0047
Exploits: 1 | References: 5
Cvelist
added 2025/01/08 8:02 p.m., 19 views

CVE-2025-0194 Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

CVSS 6.5 | EPSS 0.0047
Exploits: 1 | References: 2
Debian CVE
added 2025/01/08 8:02 p.m., 7 views

CVE-2025-0194

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.0047
Exploits: 1
Github Security Blog
added 2024/12/19 3:22 p.m., 30 views

WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service

Summary: A Denial of Service (DoS) vulnerability in the authentication middleware allows any client to cause memory exhaustion by sending large request bodies. The server reads the entire request body into memory without size limits, creating multiple copies during processing, which can lead to Out ...

AI score 7.2
Exploits: 0 | References: 3 | Affected software: 1