CVE-2025-6892

An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be...

CVE-2025-60279

A server-side request forgery SSRF vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...

CVE-2025-61908 Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-24143)

FortiOS is Fortinet's network operating system that provides firewall, VPN and network security features. A security vulnerability exists in Fortinet FortiOS that stems from an API interface that does not validate return values. An attacker could use this vulnerability to trigger a null pointer...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that can be exploited by an attacker to cause guest users to add arbitrary team members to their private channels via the...

WSO2 API Manager和WSO2 API Control Plane 安全漏洞

WSO2 API Manager and WSO2 API Control Plane are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution and WSO2 API Control Plane is a control panel. A security vulnerability exists in WSO2 API Manager and WSO2 API Control Plane that stems from a lack of authentication an...

Teedy 访问控制错误漏洞

Teedy is an open source, lightweight document management system for individuals and businesses open-sourced by Teedy France. An access control error vulnerability exists in Teedy 1.11 and earlier versions, which stems from improper access control of the API endpoint component in file/api/file, an...

CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability

...

EUVD-2025-34158

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...

PT-2025-41836

Name of the Vulnerable Software and Affected Versions SAP Application Server for ABAP affected versions not specified Description An authenticated attacker can store malicious JavaScript payloads. These payloads could be executed in a victim user's browser when accessing the affected functionalit...

CVE-2025-61688

CVE-2025-61688 affects Omni, a tool for managing Kubernetes on bare metal, VMs, or cloud environments. Public documents confirm an information leak via an API in Omni older than specific releases. The vulnerability is described consistently across sources as leaking sensitive information through ...

Omni vulnerable to information leak via API

Impact Omni might leak sensitive information via an API. Patches v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds None. References None...

CVE-2025-9553 API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103

Vulnerability in Drupal API Key manager.This issue affects API Key manager:...

PT-2025-41384

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 Description A privileged user could potentially cause a denial of service due to improperly validated API input, leading to excessive resource consumption. The issue stems from insufficient...

GHSA-WR9H-G72X-MWHM vLLM is vulnerable to timing attack at bearer auth

Summary The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force. Details...

Covert Timing Channel

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Covert Timing Channel via the apiserver component. An attacker can gain unauthorized access by exploiting differences in response times during API k...

CVE-2025-40676

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

EUVD-2011-5250

Malware in sbrugna...

vLLM 安全漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in versions prior to vLLM 0.11.0rc2, which stems from a timing attack vulnerability in the API key authentication method that could lead to authentication bypass...