499 matches found

CNNVD
added 2025/05/13 12:0 a.m. · 4 views

Ivanti Endpoint Manager Mobile code injection vulnerability

Ivanti Endpoint Manager Mobile (EPMM) is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. A code execution vulnerability...

CVSS 8.8 · AI score 7.9 · EPSS 0.8692
Exploits 10 · References 2
CNNVD
added 2025/05/12 12:0 a.m. · 1 view

ZONG YU Parking Management System security vulnerability

ZONG YU Parking Management System is a comprehensive intelligent parking management platform from China's ZONG YU company. A security vulnerability exists in the ZONG YU Parking Management System that stems from a lack of authentication in a specific API, which could lead to unauthenticated remot...

CVSS 9.1 · AI score 7 · EPSS 0.0047
Exploits 0 · References 2
CNNVD
added 2025/05/05 12:0 a.m. · 3 views

yaoqishan security vulnerability

yaoqishan DemonQishan is a video management system for Kobe Personal Developers. A security vulnerability exists in yaoqishan version v0.0.1, which stems from improper access control of the /admin/ API and may result in gaining administrator privileges...

CVSS 9.8 · AI score 6.8 · EPSS 0.00365
Exploits 1 · References 1
CNNVD
added 2025/04/04 12:0 a.m. · 2 views

RuoYi AI security vulnerability

RuoYi AI is a full-stack AI development platform for ageerle individual developers, designed to help developers rapidly build and deploy personalized AI applications. A security vulnerability exists in RuoYi AI 2.0.1 and earlier versions, which stems from improper authorization in the API interfa...

CVSS 9.8 · AI score 7.3 · EPSS 0.00491
Exploits 1 · References 8
CNNVD
added 2025/03/26 12:0 a.m. · 2 views

Directus security vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 10.10.0 through 11.5.0, which stems from a lack of user state checking and could lead to improper API access...

CVSS 4.3 · AI score 6.3 · EPSS 0.00314
Exploits 1 · References 3
CNNVD
added 2025/03/24 12:0 a.m. · 2 views

70mai Dash Cam 1S security vulnerability

70mai Dash Cam 1S is a car recorder from 70mai. The 70mai Dash Cam 1S suffers from a security vulnerability that originates from the fact that an attacker can bypass the device authorization mechanism of the official mobile application by connecting directly to the device's network and...

CVSS 7.1 · AI score 6.7 · EPSS 0.00254
Exploits 0 · References 2
CNNVD
added 2025/03/18 12:0 a.m. · 2 views

GNET G-ONX security vulnerability

GNET G-ONX is a series of car recorders from GNET. A security vulnerability exists in GNET G-ONX that stems from an exposed API endpoint that allows remote access to recorded and live video streams...

CVSS 7.5 · AI score 6.8 · EPSS 0.00307
Exploits 0 · References 3
BDU FSTEC
added 2025/03/03 12:0 a.m. · 1 view

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) platform allows a perpetrator to load files into any location within the operating system of the affected device.

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to load files into any location within...

CVSS 5.5 · AI score 5.5 · EPSS 0.00601
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/02/25 12:0 a.m. · 2 views

PT-2025-7889 · O Ran · O-Ran Near Realtime Ric

Name of the Vulnerable Software and Affected Versions: O-RAN Near Realtime RIC I-Release affected versions not specified Description: An issue was discovered that allows an attacker to disrupt the initial connection between a gNB and the Near RT-RIC. This can be achieved by sending a high volume ...

CVSS 4.3 · AI score 6.8 · EPSS 0.00208
Exploits 0 · References 4
BDU FSTEC
added 2025/02/13 12:0 a.m. · 1 view

The vulnerability of the application software interface of the BIG-IP Next Central Manager lies in insufficient validation of input data, allowing a perpetrator to trigger a service failure.

The vulnerability of the application software interface of the BIG-IP Next Central Manager is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 6.8 · AI score 6.2 · EPSS 0.0036
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/02/12 8:15 a.m. · 2 views

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 6.3 · EPSS 0.00606
Exploits 0 · References 4
RedhatCVE
added 2025/02/05 10:47 a.m. · 17 views

CVE-2024-21737

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...

CVSS 9.1 · AI score 7.2 · EPSS 0.00611
Exploits 0 · References 1
CNNVD
added 2025/01/31 12:0 a.m. · 3 views

EasyVirt DC Scope and EasyVirt CO2 Scope security vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware virtualization. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

CVSS 8.8 · AI score 6.4 · EPSS 0.00508
Exploits 1 · References 1
CNNVD
added 2025/01/31 12:0 a.m. · 4 views

Bentley Systems ProjectWise Integration Server security vulnerability

Bentley Systems ProjectWise Integration Server is an application from Bentley Systems, USA. A security vulnerability exists in Bentley Systems ProjectWise Integration Server versions prior to 10.00.03.288. An attacker could exploit the vulnerability to execute unexpected SQL queries via API calls...

CVSS 6.4 · AI score 7.3 · EPSS 0.00122
Exploits 0 · References 1
Positive Technologies
added 2025/01/31 12:0 a.m. · 5 views

PT-2025-2950 · Bentley Systems · Projectwise Integration Server

Name of the Vulnerable Software and Affected Versions: Bentley Systems ProjectWise Integration Server versions prior to 10.00.03.288 Description: The issue allows unintended SQL query execution by an authenticated user via an API call. Recommendations: For versions prior to 10.00.03.288, update t...

CVSS 6.4 · AI score 7.8 · EPSS 0.00122
Exploits 0 · References 4
OSV
added 2025/01/23 5:15 p.m. · 3 views

CVE-2024-55925

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

CVSS 7.5 · AI score 5.8 · EPSS 0.00336
Exploits 0 · References 1
Positive Technologies
added 2025/01/22 12:0 a.m. · 3 views

PT-2025-1435 · Unknown · Synnefo Internet Management

Name of the Vulnerable Software and Affected Versions: Synnefo Internet Management Software versions 2023 and earlier Description: A SQL injection issue exists due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input...

CVSS 9.8 · AI score 8.3 · EPSS 0.00401
Exploits 0 · References 5
CNNVD
added 2025/01/11 12:0 a.m. · 3 views

Palo Alto Networks Expedition security vulnerability

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could gain access to Expedition database contents such...

CVSS 9.2 · AI score 9.1 · EPSS 0.00596
Exploits 0 · References 1
CNNVD
added 2025/01/08 12:0 a.m. · 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from an access token that...

CVSS 6.5 · AI score 6.7 · EPSS 0.0047
Exploits 1 · References 2
BDU FSTEC
added 2024/12/25 12:0 a.m. · 2 views

The vulnerability of Backstage’s portal-building platform lies in its uncontrolled modification of object prototype attributes, allowing attackers to trigger service failures.

The vulnerability of the Backstage developer portal-building platform lies in the uncontrolled modification of object prototype attributes. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures by sending a specially crafted API request...

CVSS 6.8 · AI score 6.5 · EPSS 0.00492
Exploits 0 · References 3 · Affected Software 1