EUVD-2025-208108

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00...

CVE-2025-0976

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00...

CVE-2025-0976

CVE-2025-0976 is an Information Exposure vulnerability affecting Hitachi Ops Center API Configuration Manager (versions 10.0.0-00 up to before 11.0.4-00) and Hitachi Configuration Manager (versions 8.6.1-00 up to before 11.0.5-00). Root cause/implication: exposure of sensitive credentials/storage...

CVE-2025-5781

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from...

Sz-Admin 代码问题漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters in the files/download file and API, particularly the url...

CVE-2026-3105

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint...

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint...

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint...

PT-2026-21792

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.14.0 and earlier Description An issue exists in Devolutions Server where improper access control in several DVLS REST API endpoints allows an authenticated user with view-only permissions to access sensitive...

GO-2026-4516 Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo

Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo...

CVE-2026-2832

Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization...

CVE-2026-26977

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

GetSimple CMS 信息泄露漏洞

GetSimple CMS is an open-source content management system developed by GetSimple CMS. GetSimple CMS has a vulnerability related to information leakage. This vulnerability stems from the reliance on .htaccess files to restrict access to sensitive directories. When Apache AllowOverride is disabled,...

CVE-2026-2832 Certain Samsung MultiXpress Multifunction Printers Firmware – Potential Information Disclosure

Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization...

CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

PT-2026-21325

Name of the Vulnerable Software and Affected Versions GetSimple CMS affected versions not specified Description GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache...

CVE-2026-22266

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

CVE-2026-22266

Dell PowerProtect Data Manager, prior to version 19.22, is affected by an Improper Verification of Source of a Communication Channel in the REST API. The issue could allow a high-privileged, remote attacker to bypass protection mechanisms via the REST API. Exploitation details or exploit availabi...

Server-Side Request Forgery (SSRF)

Langflow is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation and filtering of user-supplied URLs in the API Request component, which allows an attacker to send crafted requests to internal or restricted network resources and retrieve their...