162 matches found
CVE-2025-15099
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...
CVE-2025-15099 simstudioai sim CRON Secret internal.ts improper authentication
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...
CVE-2025-15099
CVE-2025-15099 affects simstudioai sim up to version 0.5.27, specifically the CRON Secret Handler’s file apps/sim/lib/auth/internal.ts. The vulnerability arises from manipulation of the INTERNAL_API_SECRET parameter, enabling improper authentication. It is exploitable remotely, and publicly avail...
CVE-2025-15099 simstudioai sim CRON Secret internal.ts improper authentication
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...
CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
EUVD-2025-205373
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...
PT-2025-53392
Name of the Vulnerable Software and Affected Versions Pexip Infinity versions prior to 39.0 Description A critical function within a product-internal API lacks proper authentication. An attacker who has already gained the ability to execute code on one node within a Pexip Infinity installation ca...
CVE-2025-67737
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...
CVE-2025-67737 AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...
AzuraCast 安全漏洞
AzuraCast is a simple self-hosted webcast management suite from AzuraCast, Inc. A security vulnerability exists in AzuraCast version 0.23.1, which stems from the incorrect inclusion of an API endpoint for internal use only, which could lead to tampering with database contents...
Server-side Request Forgery (SSRF)
Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the x-zitadel-forward-host header handling in the login UI. An attacker can access internal resources and...
CVE-2025-12996
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...
CVE-2025-12996
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...
CVE-2025-12996
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...
EUVD-2025-201287
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...
CVE-2025-12996
Medtronic CareLink Network is affected. A local attacker with access to log files on an internal API server can view plaintext passwords from errors logged under certain circumstances, causing information disclosure. This affects versions prior to December 4, 2025. Remediation per PT-2025-49126 i...
PT-2025-49126
Name of the Vulnerable Software and Affected Versions Medtronic CareLink Network versions prior to December 4, 2025 Description A local attacker gaining access to log files on an internal API server can view passwords in plaintext due to errors logged under specific conditions. Recommendations...