1403 matches found

OSV
added 2025/02/05 4:24 a.m. · 1 view

USN-7252-1 openjdk-lts vulnerability

It was discovered that the Hotspot component of OpenJDK 11 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information...

CVSS 4.8 · AI score 6.7 · EPSS 0.002
Exploits 0 · References 2
CNNVD
added 2025/02/05 12:0 a.m. · 4 views

F5 BIG-IP Next Central Manager log information disclosure vulnerability

F5 BIG-IP Next Central Manager is a centralized console from F5 USA. A log information disclosure vulnerability exists in F5 BIG-IP Next Central Manager, which originates from the possibility of recording sensitive information in log files when a user logs in using local authentication via the...

CVSS 6.7 · AI score 5.9 · EPSS 0.00095
Exploits 0 · References 2
CNNVD
added 2025/02/04 12:0 a.m. · 2 views

WordPress plugin Sensei LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...

CVSS 5.3 · AI score 8.1 · EPSS 0.00452
Exploits 1 · References 2
ATTACKERKB
added 2025/01/30 4:15 p.m. · 0 views

CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user...

CVSS 5.4 · AI score 7.4 · EPSS 0.00152
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/01/28 12:0 a.m. · 2 views

Scale security vulnerability

Scale is an open source work, project and task management platform with more than 30 features from the individual developers at pankajindevops. A security vulnerability exists in Scale 20241113 and prior versions that stems from improper access control in the component API Endpoint...

CVSS 6.5 · AI score 6.5 · EPSS 0.00069
Exploits 0 · References 5
Patchstack
added 2025/01/27 7:48 a.m. · 3 views

WordPress Flexmls® IDX Plugin plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters vulnerability discovered by 1337Wannabe in WordPress Plugin Flexmls® IDX versions <= 3.14.26...

CVSS 6.4 · AI score 5.8 · EPSS 0.00224
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2025/01/23 12:0 a.m. · 2 views

IBM Concert Information Disclosure Vulnerability (CNVD-2025-29674)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive information via...

CVSS 7.5 · AI score 6.1 · EPSS 0.00112
Exploits 0 · References 1
CNNVD
added 2025/01/22 12:0 a.m. · 3 views

Cisco Meeting Management security vulnerability

Cisco Meeting Management (CMM) is an administrative tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A security vulnerability exists in Cisco Meeting Management that stems from insufficient REST API user authorization, resulting in a low-privilege authenticate...

CVSS 9.9 · AI score 9 · EPSS 0.01481
Exploits 0 · References 4
Akamai Blog
added 2025/01/21 10:20 a.m. · 2 views

You Can’t Improve What You Can’t See: API Monitoring Is Crucial

...

AI score 7
Exploits 0
CNVD
added 2025/01/17 12:0 a.m. · 9 views

Unspecified Vulnerability in Microsoft Windows Telephony Server (CNVD-2025-02538)

Microsoft Windows Telephony Server is a component of Microsoft Corporation USA that supports the Telephony Application Programming Interface (TAPI), which allows computer programs to communicate with shared telephony services. A security vulnerability exists in Microsoft Windows Telephony Server. A...

CVSS 8.8 · AI score 8.9 · EPSS 0.07278
Exploits 0 · References 1
OSV
added 2025/01/08 8:15 p.m. · 0 views

UBUNTU-CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

CVSS 6.5 · AI score 5.8 · EPSS 0.00093
Exploits 1 · References 4
Patchstack
added 2024/12/12 12:31 a.m. · 1 view

WordPress Ultimate Endpoints With Rest Api plugin <= 2.2.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Ultimate Endpoints With Rest Api versions <= 2.2.2...

CVSS 6.1 · AI score 6.3 · EPSS 0.02097
Exploits 0 · References 1 · Affected Software 1
Redos
added 2024/12/12 12:0 a.m. · 8 views

ROS-20241212-24

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system stems from a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

CVSS 9.9 · AI score 9.7 · EPSS 0.91398
Exploits 13
Redos
added 2024/12/12 12:0 a.m. · 13 views

ROS-20241212-04

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system stems from a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

CVSS 9.9 · AI score 7.9 · EPSS 0.91398
Exploits 13
Redos
added 2024/12/12 12:0 a.m. · 14 views

ROS-20241212-02

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system stems from a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

CVSS 9.9 · AI score 7.5 · EPSS 0.91398
Exploits 13
Redos
added 2024/12/12 12:0 a.m. · 5 views

ROS-20241212-22

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system stems from a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

CVSS 9.9 · AI score 9.7 · EPSS 0.91398
Exploits 13
OSV
added 2024/12/11 5:15 p.m. · 1 view

UBUNTU-CVE-2024-47760

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

CVSS 8.8 · AI score 5.8 · EPSS 0.00331
Exploits 0 · References 4
CNNVD
added 2024/12/11 12:0 a.m. · 1 view

GLPI access control error vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.8 · AI score 4.6 · EPSS 0.00511
Exploits 0 · References 1
CNNVD
added 2024/12/11 12:0 a.m. · 1 view

GLPI access control error vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.8 · AI score 4.6 · EPSS 0.00331
Exploits 0 · References 2
Positive Technologies
added 2024/12/09 12:0 a.m. · 7 views

PT-2024-13527 · It Path Solutions · It Path Solutions Contact Form To Any Api

Name of the Vulnerable Software and Affected Versions: IT Path Solutions Contact Form to Any API versions 1.1.6 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels...

CVSS 4.3 · AI score 5.7 · EPSS 0.00123
Exploits 2 · References 3