CVE-2025-41241
VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition...
Improper Input Validation
@haxtheweb/haxcms-nodejs is vulnerable to improper input validation. The vulnerability is due to the application not properly handling exceptions when required URL parameters are missing in authenticated API requests, which allows an attacker to crash the application via the listFiles and saveFil...
CVE-2025-46122
The CVE-2025-46122 vulnerability affects CommScope Ruckus Unleashed: versions prior to 200.15.6.212.14 and 200.17.7.0.139 are affected. The authenticated diagnostics API endpoint /admin/_cmdstat.jsp accepts attacker-controlled input without sufficient validation, allowing a remote attacker to spe...
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
PT-2025-20319 · Maven · Org.Graylog2:Graylog2-Server
Impact: Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILES CREATE can exploit these vulnerabilities to upload arbitrary JavaScript code to the Graylog2 server,...
CVE-2021-42718 Sensitive data unnecessarily returned from authenticated API
Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin...
CVE-2021-42718
CVE-2021-42718 affects Replicated Classic versions prior to 2.53.1. An authenticated Admin Console API (port 8800) may expose container definitions containing environment variables, potentially revealing application secrets. Impact is information disclosure for users with valid credentials and A...
CVE-2024-36467
An authenticated user with API access (e.g., a user with the default User role, more specifically a user with access to the user.update API endpoint) is able to add themselves to any group (e.g., Zabbix Administrators), except groups that are disabled or have restricted GUI access...
Computer Vision Annotation Tool security vulnerability
Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool CVAT versions 2.16.0 through 2.18.0, which stems from the fact that if an attacker can trick a logged-i...
UBUNTU-CVE-2023-49080
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
Debian: Security Advisory (DLA-3562-1)
The remote host is missing an update for the Debian DLA-3562-1 advisory...
[SECURITY] [DLA 3562-1] orthanc security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3562-1                        [email protected]
https://www.debian.org/lts/security/                         Anton Gladky
September 12, 2023                              https://wiki.debian.org/LTS
-...
Debian: Security Advisory (DSA-5473-1)
The remote host is missing an update for the Debian DSA-5473-1 advisory...
Debian DLA-2816-1 : icinga2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2816 advisory. - Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From...
CVE-2021-32739
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...
UBUNTU-CVE-2021-32739
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...
CVE-2021-32739
CVE-2021-32739 affects Icinga 2 from 2.4.0 through 2.12.4, enabling privilege escalation for authenticated API users. With a read-only user’s credentials, an attacker can view most attributes of config objects, including ApiListener.ticket_salt, which can be used to forge a ticket and impersonate...
PT-2021-6701 · Icinga +1 · Icinga +1
Name of the Vulnerable Software and Affected Versions: Icinga versions 2.4.0 through 2.12.4
Description: The issue concerns a monitoring system that checks network resource availability and generates performance data. It may allow privilege escalation for authenticated API users. With a read-only...