123 matches found

Cvelist
added 2025/11/17 10:55 p.m. | 3 views

CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to the execution of a privileged operation. An attacker can issue an API call...

CVSS 8.7 | EPSS 0.00017
Exploits 0 | References 2

Cvelist
added 2025/10/22 5:09 p.m. | 5 views

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

CVSS 9 | EPSS 0.00063
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-25192

Malware in sbrugna...

CVSS 8.5 | AI score 7.5 | EPSS 0.00411
Exploits 0 | References 3

Snyk
added 2025/09/11 6:35 p.m. | 1 view

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation: Upgrade...

CVSS 5.3 | AI score 6.6 | EPSS 0.00075
Exploits 0 | References 2

Tenable Nessus
added 2025/09/10 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-43138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. (CVE-2022-43138) Note that Nessus relies on...

CVSS 9.8 | AI score 8.2 | EPSS 0.00324
Exploits 1 | References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-39889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a...

CVSS 4.3 | AI score 5.2 | EPSS 0.00245
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 9:04 a.m. | 2 views

CVE-2024-1947

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls...

CVSS 6.5 | AI score 6.3 | EPSS 0.00042
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 8:39 a.m. | 8 views

CVE-2024-23108

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 9.4 | EPSS 0.90389
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 6:44 a.m. | 6 views

CVE-2024-11828

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

CVSS 7.5 | AI score 7.1 | EPSS 0.00143
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 4:29 a.m. | 8 views

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command...

CVSS 8.8 | AI score 6.7 | EPSS 0.00125
Exploits 0

RedhatCVE
added 2025/05/22 11:56 p.m. | 2 views

CVE-2022-43138

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API...

CVSS 9.8 | AI score 6.9 | EPSS 0.00324
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:49 a.m. | 8 views

CVE-2019-10629

User process can potentially corrupt a kernel virtual page by passing a crafted page in an API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

CVSS 7.8 | AI score 7 | EPSS 0.00033
Exploits 0 | References 1

Vulnrichment
added 2025/05/21 4:19 p.m. | 7 views

CVE-2025-20114 Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVSS 4.3 | AI score 7.4 | EPSS 0.00186
Exploits 0 | References 1

NVD
added 2025/05/13 4:15 p.m. | 19 views

CVE-2025-4428

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...

CVSS 8.8 | EPSS 0.40984
Exploits 10 | References 2

Cvelist
added 2025/05/13 3:46 p.m. | 23 views

CVE-2025-4428 Remote Code Execution

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...

CVSS 7.2 | EPSS 0.40984
Exploits 10 | References 1

CVE
added 2025/05/13 3:46 p.m. | 275 views

CVE-2025-4428

Ivanti Endpoint Manager Mobile (EPMM) Code Injection vulnerability (CVE-2025-4428). An authenticated attacker can remotely execute arbitrary code via crafted API requests in the API component. Root cause cited as insecure implementation/interpolation involving the Hibernate Validator library, wit...

CVSS 8.8 | AI score 7.4 | EPSS 0.40984
In wild | Exploits 10 | References 2 | Affected Software 1

CNNVD
added 2025/05/13 12:00 a.m. | 5 views

Ivanti Endpoint Manager Mobile Security Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. An authentication bypass...

CVSS 7.5 | AI score 6.9 | EPSS 0.91261
Exploits 8 | References 3

VulnCheck KEV
added 2025/05/13 12:00 a.m. | 2 views

VulnCheck KEV: CVE-2025-4427

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring...

CVSS 7.5 | AI score 5.8 | EPSS 0.91261
Exploits 8 | References 1

VulnCheck KEV
added 2025/02/25 12:00 a.m. | 1 view

VulnCheck KEV: CVE-2024-23109

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 | AI score 7.4 | EPSS 0.07033
Exploits 0 | References 1

OSV
added 2024/11/26 7:15 p.m. | 1 view

UBUNTU-CVE-2024-11828

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

CVSS 7.5 | AI score 5.8 | EPSS 0.00143
Exploits 0 | References 4