PlayEdu Code Issue Vulnerability
PlayEdu is an industry-leading online training solution from the China PlayEdu team. A code issue vulnerability exists in PlayEdu 1.8 and earlier versions, which stems from a server-side request forgery due to incorrect operation of the parameter Avatar in the file /api/backend/v1/user/create...
CVE-2025-3968
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument catid leads to sql injection. The attack can be initiated remotely. The exploit has been...
Moodle Information Disclosure Vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that originates from a specific API call that discloses sensitive...
dify Security Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from the fact that a normal user can enable or disable the app via the API...
PT-2025-16414
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker can infer the existence of usernames in the system by querying an API. Recommendations: At the moment, there is no information about a newer version that contains a...
PT-2025-16488
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Unauthenticated attackers can query an API endpoint and get device details. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-16346
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15. Description: A command injection issue was discovered via the groupname at the "/boafrm/formDiskCreateGroup" API endpoint. This allows for potential exploitation...
The vulnerability of the application software interface of the Cisco Meeting Management subsystem allows a perpetrator to escalate their privileges.
The vulnerability of the application programming interface of the Cisco Meeting Management subsystem relates to the improper handling of insufficient privileges. Exploiting this vulnerability allows a malicious actor to enhance their privileges through specially created requests...
The vulnerability of the FortiSIEM security management system, related to insufficient protection of operational data, allows an attacker to obtain the database password.
The vulnerability of the FortiSIEM security management system is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain database passwords through specially created API requests...
CVE-2025-3135
A vulnerability classified as critical was found in fcbazzm ics-park Smart Park Management System 2.1. This vulnerability affects unknown code of the file /api/system/dept/update. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
UBUNTU-CVE-2024-36465
A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...
raven Input Validation Error Vulnerability
raven is a simple, open source team messaging platform from Commit Open Source. An input validation error vulnerability exists in versions of Raven prior to 2.1.10 that stems from allowing any logged in user to execute code via an API endpoint...
Tuleap Security Vulnerability
Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A security vulnerability exists in Tuleap Community Edition prior to 16.5.99.1742392651 and Tuleap Enterprise Edition prior to 16.5-5, and prior to 16.4-8, which...
SUSE CVE-2025-25068
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
Unitree Go 1 Security Vulnerability
Unitree Go 1 is a robotic dog from the Chinese company Unitree. Unitree Go 1 suffers from a security vulnerability that stems from an undocumented backdoor that could lead to full remote control of the device by the manufacturer or a person in possession of an API key...
WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Better WishList API versions <= 1.1.4...
Improper Privilege Management
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Privilege Management through the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. An attacker, acting as an admin, can delete other administrators. This action is restricted by the us...
Composio Security Vulnerability
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.5.10 that stems from the API not validating the value of the x-api-key header, which could lead to unauthorized access...
PT-2025-12330
Name of the Vulnerable Software and Affected Versions: Nebula Informatics SecHard versions prior to 3.3.0.20220411. Description: The issue is related to the incorrect use of privileged APIs, cleartext transmission of sensitive information, and insufficiently protected credentials. This allows for...
LogicalDOC Security Vulnerability
LogicalDOC is a document management system developed using Java technology by LogicalDOC, Inc. in the United States. The system has features such as Lucene full-text search indexing and automatic import. LogicalDOC has a security vulnerability that stems from an API endpoint flaw that could allow...