CVE-2025-36553

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability...

UBUNTU-CVE-2025-58121

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

CVE-2025-58121

CVE-2025-58121 involves insufficient permission validation on multiple REST API endpoints in Checkmk, affecting versions 2.2.0, 2.3.0 and 2.4.0 prior to 2.4.0p16. The issue allows low-privilege users to perform unauthorized actions or access sensitive information. Remediation: upgrade to Checkmk ...

EUVD-2025-197893

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability...

GO-2025-4091 Jellysweep uses uncontrolled data in image cache API endpoint in github.com/jon4hz/jellysweep

Jellysweep uses uncontrolled data in image cache API endpoint in github.com/jon4hz/jellysweep...

GO-2025-4090 lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefs

lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefs...

CVE-2025-13319 Authenticated SQL injection in API - Digi On-Prem Manager

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack...

Nettec AS Digi On-Prem Manager 安全漏洞

Nettec AS Digi On-Prem Manager is a device management platform from Nettec AS, Norway. A security vulnerability exists in Nettec AS Digi On-Prem Manager that stems from a SQL injection vulnerability in the API functionality, which could lead to SQL injection attacks...

Unspecified Vulnerability in Rockwell Automation Verve Asset Manager

Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...

PT-2025-47024

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C firmware versions up to and including 1.9.3 Description The Screen SFT DAB 600/C firmware has an issue with access control on the user management API. Unauthenticated requests can retrieve structured user data, including...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to properly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...

Cisco Catalyst Center REST API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

EUVD-2025-84343

A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

CVE-2025-11862 Verve Asset Manager Access Control Vulnerability

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

PT-2025-46243

Name of the Vulnerable Software and Affected Versions Include Fussball.de Widgets plugin for WordPress versions up to and including 4.0.0 Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with...

Rockwell Automation Studio 5000 Simulation Interface 安全漏洞

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

PT-2025-46340

Name of the Vulnerable Software and Affected Versions Verve Asset Manager affected versions not specified Description A security issue exists in Verve Asset Manager that allows unauthorized read-only users to perform actions beyond their intended permissions. Specifically, these users can read,...

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...