Ubia Ubox 安全漏洞

Ubia Ubox is an intelligent video surveillance device from China's Yuchuan Network Ubia. Ubia Ubox has a security vulnerability that stems from a failure to adequately protect API credentials, which could lead to unauthorized access to the camera and view live feeds or modify settings...

GO-2025-4022 Omni vulnerable to information leak via API in github.com/siderolabs/omni

Omni vulnerable to information leak via API in github.com/siderolabs/omni...

Cisco多款产品 信息泄露漏洞

Cisco Unified Intelligence Center and others are products of Cisco USA.Cisco Unified Intelligence Center is a Web-based reporting platform.Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution.Cisco Unified Contact...

PT-2025-45165

Name of the Vulnerable Software and Affected Versions HCL DevOps Loop affected versions not specified Description The API authentication middleware in HCL DevOps Loop does not properly validate authentication tokens, specifically regarding their expiration and cryptographic signature. This could...

PT-2025-45134

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

CVE-2025-61956 Missing Authentication for Critical Function in Radiometrics VizAir

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

CVE-2025-61956

Radiometrics VizAir is affected by a lack of authentication for critical functions (admin panel and REST API). This could allow an unauthenticated attacker to modify configurations and weather data, potentially manipulating active runway settings, misleading air traffic control and pilots, and ca...

WordPress ViaAds plugin <= 2.1.1 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ViaAds versions = 2.1.1...

PT-2025-45004

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app. An attacker can access other users' information by sending a POST request through the id sociedad parameter in the...

PT-2025-45018

Name of the Vulnerable Software and Affected Versions Radiometrics VizAir affected versions not specified Description Radiometrics VizAir lacks authentication mechanisms for critical functions, including admin access and API requests. This allows attackers to modify configurations without...

EUVD-2025-37435

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12600

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12600

CVE-2025-12600 affects Azure Access Technology BLU-IC2 and BLU-IC4 (through 1.19.5). Reports describe a Web UI malfunction when an unexpected locale is set via an API call. The vulnerability impacts the Web UI layer and is tied to the locale parameter supplied through the API, with affected versi...

CVE-2025-12600 Web UI Malfunction

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-11843

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the...

CVE-2025-12038

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

CVE-2025-11843

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the...

EUVD-2025-37315

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...