15 matches found
CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the commentable field in the API, which allows access to all commentable resources without permission checks. An attacker can retrieve sensitive information by sending unauthenticated requests to the /api...
Exploit for CVE-2026-25099
CVE-2026-25099 — Bludit CMS API Unrestricted File Upload to RC...
PT-2026-7941
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...
CVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...
Kalmia Security Vulnerability
Kalmia is an open source document content management system from Iridia Solutions Private Limited. A security vulnerability exists in Kalmia version 0.2.0, which stems from insufficient validation of permissions in the /kal-api/auth/users API endpoint, which could lead to the disclosure of...
EUVD-2025-37887
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 11.7 through 18.3...
PT-2025-41233
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3 Description: A missing authorization check exists in the API endpoint responsible for managing custom domains, located at /custom-domains. This allows for unauthorized manipulation of custom domain settings...
PT-2025-1435 · Unknown · Synnefo Internet Management
Name of the Vulnerable Software and Affected Versions: Synnefo Internet Management Software versions 2023 and earlier Description: A SQL injection issue exists due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input...
ZimaOS Information Disclosure Vulnerability
ZimaOS is an open source operating system project from IceWhaleTech that aims to provide a lightweight, high-performance, secure operating system environment. An information disclosure vulnerability previously existed in ZimaOS version 1.2.4, which stemmed from an API endpoint in ZimaOS that woul...
PT-2022-26708 · Tenda · Tenda Tx3
Name of the Vulnerable Software and Affected Versions: Tenda TX3 version US TX3V1.0br V16.03.13.11 multi TDE01 Description: A stack overflow issue was discovered via the list parameter at the "/goform/SetVirtualServerCfg" API endpoint. Recommendations: For Tenda TX3 version US TX3V1.0br...
TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...
CVE-2021-1577
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
PT-2021-2193 · Cisco · Cisco Application Policy Infrastructure Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco ACI Multi-Site Orchestrator (MSO) affected versions not specified Description: A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) could allow an unauthenticated, remote attacker to bypass authentication on an...