PT-2025-45564

Name of the Vulnerable Software and Affected Versions Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to and including 2.2.3 Description The Alex Reservations: Smart Restaurant Booking plugin for WordPress is susceptible to arbitrary file uploads because of a lack of...

EUVD-2025-38216

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...

CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

How to Protect Personal Data in Today’s API Economy

...

CVE-2025-55278

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

Cisco Unified Intelligence Center API Information Disclosure (cisco-sa-cc-mult-vuln-gK4TFXSn)

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-20377

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

EUVD-2025-37960

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

Ubia Ubox 安全漏洞

Ubia Ubox is an intelligent video surveillance device from China's Yuchuan Network Ubia. Ubia Ubox has a security vulnerability that stems from a failure to adequately protect API credentials, which could lead to unauthorized access to the camera and view live feeds or modify settings...

GO-2025-4022 Omni vulnerable to information leak via API in github.com/siderolabs/omni

Omni vulnerable to information leak via API in github.com/siderolabs/omni...

PT-2025-45165

Name of the Vulnerable Software and Affected Versions HCL DevOps Loop affected versions not specified Description The API authentication middleware in HCL DevOps Loop does not properly validate authentication tokens, specifically regarding their expiration and cryptographic signature. This could...

Cisco多款产品 信息泄露漏洞

Cisco Unified Intelligence Center and others are products of Cisco USA.Cisco Unified Intelligence Center is a Web-based reporting platform.Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution.Cisco Unified Contact...

PT-2025-45134

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-61956

Radiometrics VizAir is affected by a lack of authentication for critical functions (admin panel and REST API). This could allow an unauthenticated attacker to modify configurations and weather data, potentially manipulating active runway settings, misleading air traffic control and pilots, and ca...

CVE-2025-61956 Missing Authentication for Critical Function in Radiometrics VizAir

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

WordPress ViaAds plugin <= 2.1.1 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ViaAds versions = 2.1.1...

PT-2025-45018

Name of the Vulnerable Software and Affected Versions Radiometrics VizAir affected versions not specified Description Radiometrics VizAir lacks authentication mechanisms for critical functions, including admin access and API requests. This allows attackers to modify configurations without...

PT-2025-45004

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app. An attacker can access other users' information by sending a POST request through the id sociedad parameter in the...

EUVD-2025-37435

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...