MCPJam Inspector 1.4.2 Defensive API Security Assessment Tool
This Python-based defensive auditing tool evaluates the exposure and security posture of MCP-related API endpoints in a controlled and authorized environment. It is designed to assist security teams in identifying insecure API configurations, exposed execution interfaces, and potential operationa...
PT-2026-41692
Name of the Vulnerable Software and Affected Versions: Arcane versions prior to 1.19.0 Description: Arcane improperly exposes Git repository management endpoints to any authenticated user, allowing low-privileged accounts to modify repository configurations, exfiltrate stored Git credentials, acces...
CVE-2026-33216
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
PT-2025-49201
The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for...
EUVD-2018-1879
Malware in sbrugna...
EUVD-2021-25137
Malware in sbrugna...
EUVD-2020-0040
Malware in sbrugna...
EUVD-2025-13506
Malicious code in bioql PyPI...
CVE-2025-2670
IBM OpenPages 9.0 is affected by CVE-2025-2670 due to insufficient access control on certain REST endpoints related to the workflow feature. An authenticated user can disclose sensitive workflow configuration and internal state. The issue has a CVSS v3.1 base score of 4.3 (Medium) with Network at...
CVE-2023-41266
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...
CVE-2021-38699
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/systemlogs...
CVE-2025-30209
This CVE (CVE-2025-30209) concerns Tuleap, where an improper permission check allows an attacker to access release notes content or related information via the FRS REST endpoints. The vulnerability stems from access control weaknesses in the Tuleap software suite, specifically affecting the REST ...
CVE-2025-25068 Bypassing MFA Enforcement on Plugin Endpoints
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
CVE-2025-21628 Chatwoot has a Blind SQL-injection in Conversation and Contacts filters
Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated an attack vector to run arbitrary SQL within the filter query by addi...
PT-2024-38980 · Reverb · Reverb
Name of the Vulnerable Software and Affected Versions: Reverb versions prior to the version including git commit 6a0dcf4c9e842b7f999912f792aaa6f6bd261a25 Description: There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an...
PT-2025-2796 · Edimax · Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wi-Fi 5 BR-6476AC version 1.06 Description: The issue is related to the lack of protection for the web interface structure of the Edimax AC1200 Wi-Fi 5 BR-6476AC router's firmware, allowing a remote attacker to conduct a Cross...
Secure Remote Endpoints from Vulnerabilities in Video Conferencing & Productivity Applications like Zoom
With millions working, learning and collaborating remotely due to COVID-19 challenges, there's an explosion of remote endpoints running Zoom and other collaboration and productivity applications such as Outlook, Teams, Webex, Slack, Office 365 and more. As remote endpoints are accessing...