CVE-2025-67895

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

EUVD-2023-42709

Malicious code in bioql PyPI...

EUVD-2023-34217

Malicious code in bioql PyPI...

EUVD-2025-28445

Malicious code in bioql PyPI...

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2025-52548 Enabling SSH and Shellinabox on the vulnerable machine

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2025-52548 Enabling SSH and Shellinabox on the vulnerable machine

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2025-52548

The CVE-2025-52548 entry concerns Copeland E3 Supervisory Control firmware versions older than 2.31F01. A hidden API call in the application services exists (enabled by default disabled) that, if accessed by an admin, can enable SSH and Shellinabox, granting remote access to the underlying operat...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a hidden API call that could result in enabling remote access to the underlying operating...

📄 Xorux LPAR2RRD 8.04 Information Disclosure

Xorux LPAR2RRD versions 8.04 and below have an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive...

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

CVE-2023-2759

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability...

CVE-2019-10040

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dirlogin.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication...

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

Cross site request forgery (csrf)

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...