1447 matches found
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All API modules allows Excessive Allocation. This vulnerability is associated with program files...
From Discovery to Testing: Akamai and Snyk Deliver Seamless API Security
...
CVE-2025-42951
Due to broken authorization, SAP Business One SLD allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application...
CVE-2025-42951 Broken Authorization in SAP Business One (SLD)
Due to broken authorization, SAP Business One SLD allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application...
PT-2025-32611 · Sap · Sap Business One
Name of the Vulnerable Software and Affected Versions: SAP Business One SLD affected versions not specified Description: SAP Business One SLD suffers from a broken authorization issue. An authenticated attacker can gain administrator privileges on a database by invoking the corresponding API. Thi...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...
GHSA-QJRX-J8WM-XF83 Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions 1.5.0 fail to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions 1.5.0 fail to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
Mattermost Confluence Plugin is Missing Authentication for Critical Function
Mattermost Confluence Plugin versions 1.5.0 fail to enforce user authentication of the Mattermost instance, allowing unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
Mattermost Confluence Plugin is Missing Authentication for Critical Function
Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...
CVE-2025-54478
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...
CVE-2025-44004 Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...
The vulnerability of the API component of the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) allows a perpetrator to execute arbitrary commands.
The vulnerability of the API components of the Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands...
CVE-2025-46414
The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...
CVE-2025-8812
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-8812
CVE-2025-8812 affects atjiu pybbs
CVE-2025-8749
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...