1618 matches found
CVE-2025-62368
Taiga CVE-2025-62368 affects Taiga Open Source Project Management
CVE-2025-62367 Taiga Blind SQL Injection Time Based
Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0...
Taiga SQL Injection Vulnerability
Taiga is a free open source project management tool from Taiga Open Source. An SQL injection vulnerability exists in Taiga 6.8.3 and earlier versions, which stems from the presence of blind time-based SQL injection in the API, which could lead to sensitive data disclosure...
CVE-2025-34133 Wimi Teamwork < v7.38.17 CSRF
Wimi Teamwork versions prior to 7.38.17 contain a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...
CVE-2025-34133
Wimi Teamwork
EUVD-2025-35899
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
PT-2025-43586
Name of the Vulnerable Software and Affected Versions: URL Shortener Plugin For WordPress versions through 3.0.7. Description: The URL Shortener Plugin For WordPress plugin is susceptible to unauthorized access to API functionality. A missing capability check within the verifyRequest function allows...
openjdk: Enhance String handling (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15...
CVE-2025-11925
Incorrect Content-Type header in one of the APIs (text/html instead of application/json replies) may potentially allow injection of HTML/JavaScript into reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-11925
The CVE-2025-11925 issue affects Azure Access Technology BLU-IC2 and BLU-IC4 (through version 1.19.5). The root cause is an improperly set Content-Type header in an API response, sending text/html instead of application/json. This mismatch could allow injection of HTML/JavaScript into replies. Ex...
Microsoft NtQueryInformation Token Security Vulnerability
Microsoft NtQueryInformation Token is an API function from Microsoft Corporation USA. A security vulnerability exists in Microsoft NtQueryInformation Token, which stems from a vulnerability that can be exploited by an attacker to elevate privileges...
CVE-2025-11437
A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...
New API Code Issue Vulnerability
New API is a QuantumNous open source interface software. A code issue vulnerability exists in New API versions prior to 0.9.0.5 that stems from not properly validating a user-supplied URL, which could lead to a server-side request forgery attack...
CVE-2025-61784 LLaMA Factory's Chat API has Critical SSRF and LFI Vulnerabilities
LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure ...
EUVD-2016-9949
Malware in sbrugna...
EUVD-2011-0486
Malware in sbrugna...
EUVD-2016-4744
Malware in sbrugna...
EUVD-2021-0018
Malware in sbrugna...
EUVD-2018-1068
Malware in sbrugna...
EUVD-2018-1153
Malware in sbrugna...