1401 matches found
CVE-2025-43782
Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...
CVE-2025-42933
When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of t...
PT-2025-37091
Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.3.0 Description: A SQL injection weakness exists in the Search function within the app/modules/api/service/Api.js file. Manipulation of the key argument can lead to SQL injection. The exploit has been publicly release...
The API Security Dilemma: Why Traditional Approaches Are Failing in the AI Era
Throughout the past few years, APIs have become the backbone of digital infrastructure. They enable software-to-software communication, improve integration and interoperability, support modular architecture, and more. But as API use has exploded, so has API traffic volume and complexity, making...
PT-2025-36418
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar that allows for improper access controls. This issue affects unknown code within the /cancelar-enturmacao-em-lote/ API endpoint and can be...
Cisco Prime Infrastructure Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.6.2. It is therefore affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to...
Cisco Evolved Programmable Network Manager Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to...
Linux Distros Unpatched Vulnerability : CVE-2022-21713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle use...
CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...
CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...
CVE-2025-20270 Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of reques...
Allocation Of Resources Without Limits
Bouncy Castle is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to excessive resource allocation due to lack of proper limits in the handling of ASN1ObjectIdentifier in API modules...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when creating channel subscriptions via the API...
Copeland E3 Supervisory Control 安全漏洞
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a lack of input validation for MGW service API calls, which could cause the application...
CData API Server 安全漏洞
CData API Server is a server for creating, deploying, and managing custom APIs from CData. This server provides a highly scalable platform that helps organizations quickly build and expose APIs to communicate with different data sources. A security vulnerability exists in CData API Server that...
CVE-2025-58124
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic...
Linux Distros Unpatched Vulnerability : CVE-2020-13324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API...
MAL-2025-41519 Malicious code in @twork-data-services/proxy-prime-api-v1-card-ucid-services (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-30040 Missing authentication in API returning request logs containing session IDs
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...
CVE-2025-7841
CVE-2025-7841 affects the WordPress plugin “Sertifier Certificate & Badge Maker for WordPress – Tutor LMS.” A CSRF flaw exists due to missing/incorrect nonce validation on the sertifier_settings page, enabling unauthenticated attackers to update the plugin’s API key if a site admin is tricked int...