164 matches found
EUVD-2026-20525
Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...
CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...
PT-2026-31334
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in Kibana where incorrect authorization can lead to information disclosure through privilege abuse. A user with limited Fleet privileges can exploit an internal API endpoint to...
CVE-2026-20042 Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...
Malicious code in voodoo-internal-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a66c21f000ea33496a8cd95744872d47bbd617d4a4cabdae400ae0361cf0faf3 The package voodoo-internal-api was found to contain malicious code...
MAL-2026-2396 Malicious code in voodoo-internal-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a66c21f000ea33496a8cd95744872d47bbd617d4a4cabdae400ae0361cf0faf3 The package voodoo-internal-api was found to contain malicious code...
Malicious code in internal-api-insights (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b02a86affbdb1f89c5fff800bc1a2c78125d1536f84ed7caa8507f14d0ebf5c The package internal-api-insights was found to contain malicious code...
MAL-2026-1752 Malicious code in internal-api-insights (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b02a86affbdb1f89c5fff800bc1a2c78125d1536f84ed7caa8507f14d0ebf5c The package internal-api-insights was found to contain malicious code...
Malicious Package
Overview dell-emc-internal-api-drzak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2026-8646
Budibase: Remote Code Execution via Unsafe eval in View Filter Map Function Budibase Cloud...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
VulnCheck KEV: CVE-2025-20282
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...
CVE-2026-22237
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
CVE-2026-22237
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
PT-2026-2860
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. A security vulnerability exists in Bluspark BLUVOYIX that stems from the exposure of sensitive internal API documentation, which could lead to an attacker abusing internal functionality to compromise the...
GHSA-8V65-47JX-7MFR Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...