242 matches found
CVE-2026-50088
The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...
CVE-2026-50082
The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...
CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing
The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...
CVE-2026-50088
The CVE-2026-50088 entry concerns cross-origin request sharing in Aqara’s Developer Portal (developer.aqara.com) and its shared test environments (developer-test.aqara.com, aiot-test.aqara.com). The issue is CWE-942: Permissive Cross-domain Policy with Untrusted Domains, with CVSS v3.1 vector AV:...
CVE-2026-50082
The Aqara Cloud Developer Portal is affected by a Missing Authentication for Critical Function (CWE-306) vulnerability where a developer token could be issued to any email address, enabling an unauthenticated user to potentially take over devices when combined with CVE-2026-50083/84/85. The CVSS ...
CVE-2026-50082 Aqara Developer Portal insecure authentication token
The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...
PT-2026-48912
The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...
How to Get a Reddit API Key in 2026: Step-by-Step Guide
Getting a Reddit API key starts with creating an application through Reddit’s developer portal and understanding how its…...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.7 release.
Red Hat Developer Hub 1.8.7 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
Critical: Red Hat Security Advisory: Red Hat Developer Hub 1.9.4 release.
Red Hat Developer Hub 1.9.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
CVE-2024-4867
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
CVE-2024-4867
The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...
CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
WSO2 Identity Server和WSO2 API Manager Developer Portal 安全漏洞
WSO2 Identity Server IS and WSO2 API Manager Developer Portal are both products of the American company WSO2. WSO2 Identity Server is an identity authentication server. WSO2 API Manager Developer Portal is a developer portal platform. Both WSO2 Identity Server and WSO2 API Manager Developer Porta...
WSO2 API Manager 安全漏洞
The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager developer portal. This vulnerability stems from the lack of enforceable validation constraints on user inputs and output...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.
Red Hat Developer Hub 1.8.1 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
📄 Azure APIM 2 Vulnerability Checker
This PHP script is a full vulnerability scanner with proof of concepts for Azure API Management APIM instances, focusing on the possibility of cross‑tenant account signup bypass through the Basic Auth Identity Provider...
PT-2025-45387
Name of the Vulnerable Software and Affected Versions 3scale Developer Portal affected versions not specified Description A flaw exists in the 3scale developer portal that could allow account creation or updates through hidden or read-only fields. This allows an attacker to potentially access or...
EUVD-2020-4003
Malware in sbrugna...