1450 matches found

OSV
added 2025/08/10 2:15 p.m. · 5 views

CVE-2025-8812

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.4 CVSS · 6.4 AI score
Exploits: 0 · References: 6
CVE
added 2025/08/10 2:2 p.m. · 26 views

CVE-2025-8812

CVE-2025-8812 affects atjiu pybbs

5.4 CVSS · 6.4 AI score · 0.00299 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
RedhatCVE
added 2025/08/10 12:29 p.m. · 17 views

CVE-2025-8749

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...

6.5 CVSS · 6.5 AI score · 0.00365 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/10 3:15 a.m. · 47 views

CVE-2025-8790

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated...

5.3 CVSS · 0.00274 EPSS
Exploits: 0 · References: 4
NVD
added 2025/08/10 3:15 a.m. · 6 views

CVE-2025-8789

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...

5.3 CVSS · 0.0036 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2025/08/10 2:32 a.m. · 3 views

CVE-2025-8790 Portabilis i-Educar API Endpoint pessoa improper authorization

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated...

5.3 CVSS · 7.2 AI score · 0.00274 EPSS
Exploits: 0 · References: 4
CVE
added 2025/08/10 2:32 a.m. · 29 views

CVE-2025-8790

CVE-2025-8790 affects Portabilis i-Educar up to 2.9.0. The vulnerability is in the API Endpoint component, specifically the file /module/Api/pessoa, where manipulating the ID argument leads to improper authorization. The issue is exploitable remotely, with exploits disclosed publicly. Multiple so...

5.3 CVSS · 7.2 AI score · 0.00274 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment
added 2025/08/10 2:2 a.m. · 2 views

CVE-2025-8789 Portabilis i-Educar API Endpoint Diario authorization

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...

5.3 CVSS · 6.9 AI score · 0.0036 EPSS
Exploits: 1 · References: 4
RedhatCVE
added 2025/08/08 9:32 p.m. · 6 views

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...

8.7 CVSS · 6.7 AI score · 0.00466 EPSS
Exploits: 0 · References: 1
Wired Threat Level
added 2025/08/08 5:0 p.m. · 4 views

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he's releasing a tool to find them...

7.3 AI score
Exploits: 0
Positive Technologies
added 2025/08/08 12:0 a.m. · 6 views

PT-2025-32370 · Unknown · Registered Product

Name of the Vulnerable Software and Affected Versions: versions prior to April 6, 2025 Description: The product does not limit the number of attempts for entering the correct PIN for a registered product, potentially allowing an attacker to gain unauthorized access using brute-force methods if th...

9.2 CVSS · 7 AI score · 0.00327 EPSS
Exploits: 0 · References: 7
CNNVD
added 2025/08/08 12:0 a.m. · 4 views

Mobile Industrial Robots MiR Robots security vulnerability

Mobile Industrial Robots MiR Robots is an autonomous mobile robot from Mobile Industrial Robots, Denmark. A security vulnerability exists in Mobile Industrial Robots MiR Robots versions prior to 3.0.0, which stems from a path traversal issue in the API endpoint that could lead to file extraction...

6.5 CVSS · 6.6 AI score · 0.00365 EPSS
Exploits: 0 · References: 3
BDU FSTEC
added 2025/08/08 12:0 a.m. · 6 views

The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform allows an attacker to disclose protected information.

The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.7 CVSS · 5.4 AI score · 0.00396 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Tenable Nessus
added 2025/08/08 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in...

7.5 CVSS · 7.9 AI score · 0.0231 EPSS
Exploits: 0 · References: 2
OSV
added 2025/08/07 4:15 p.m. · 3 views

CVE-2025-44779

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

6.6 CVSS · 7.1 AI score · 0.00156 EPSS
Exploits: 0 · References: 3
OSV
added 2025/08/04 8:58 p.m. · 8 views

CLSA-2025-1754341122 java-1.8.0-openjdk: Fix of 4 CVEs

Update to shenandoah-jdk8u462-b08 GA - Security fixes from OpenJDK 8u462-b08: - CVE-2025-30749: fix 2D vulnerability allowing remote attackers to compromise JVM via network access - CVE-2025-30754: fix JSSE vulnerability allowing unauthorized data access via TLS connections - CVE-2025-30761: fix...

8.1 CVSS · 6.8 AI score · 0.01058 EPSS
Exploits: 1 · References: 1
BDU FSTEC
added 2025/08/01 12:0 a.m. · 3 views

The vulnerability of the MFlash secure data exchange platform, related to authentication errors, allows attackers to escalate their privileges.

The vulnerability of the MFlash secure data exchange platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to enhance their privileges and use the file storage system beyond the architectural limitations by intercepting API responses...

6.8 CVSS · 5.4 AI score
Exploits: 0
Snyk
added 2025/07/25 2:45 p.m. · 1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...

6.9 CVSS · 6.8 AI score · 0.00566 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/07/25 12:0 a.m. · 3 views

Abnormal AI Abnormal Security API security vulnerability

Abnormal AI Abnormal Security API is an API from Abnormal AI. A security vulnerability exists in Abnormal AI Abnormal Security API versions prior to 2025-02-19, which stems from a privilege degradation vulnerability...

4.3 CVSS · 6.8 AI score · 0.0022 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2025/07/24 12:0 a.m. · 4 views

The vulnerability of the API interface of the boiler controller MyHeat GO allows a hacker to gain unauthorized access to the controller.

The vulnerability of the API interface of the MyHeat GO boiler controller is related to the use of default login credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the controller by using the standard login credentials...

7.5 CVSS · 5.5 AI score
Exploits: 0 · Affected Software: 1