109 matches found
CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34441
CVE-2025-34441 affects AVideo versions prior to 20.1, exposing emails, usernames, admin status, and last login times via an unauthenticated public API endpoint, enabling user enumeration/privacy violations. Connected sources also describe unauthenticated RCE paths in AVideo 14.3.1+ through notify...
PT-2025-51874
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames,...
CVE-2025-10285
CVE-2025-10285 affects Silicon Labs Simplicity Device Manager. The exposed web interface enables an attacker to extract NTLMv2 hashes, which could be used to crack users’ domain passwords. Affected software is Silicon Labs Simplicity Device Manager; the root cause is publicly accessible web UI ex...
GHSA-PQ5V-RWP8-P7GM rtvm-interpreter lacks sufficient checks in public API
The affected function is unsound due to insufficient checks on public struct field...
EUVD-2025-200125
rtvm-interpreter lacks sufficient checks in public API...
rtvm-interpreter lacks sufficient checks in public API
The affected function is unsound due to insufficient checks on public struct field...
Liferay Portal API Explorer Detected
This is an informational plugin to inform the user that the scanner has detected that the target Liferay instance publicly expose the API explorer. No source data...
CVE-2025-12468
The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...
RUSTSEC-2025-0131 Lack of sufficient checks in public API
The affected function is unsound due to insufficient checks on public struct field...
EUVD-2015-5058
Malware in sbrugna...
EUVD-2025-29387
Malicious code in bioql PyPI...
EUVD-2025-29424
Malicious code in bioql PyPI...
EUVD-2022-41620
Malicious code in bioql PyPI...
Exploit for OS Command Injection in Apache Airflow
This is a proof-of-concept PoC exploit for CVE-2020-11978, a remote code execution RCE vulnerability in Apache Airflow's example DAGs. The exploit targets Airflow versions less than 1.10.11 and allows an attacker to execute arbitrary commands on the system. The exploit uses the Airflow Experiment...
CVE-2024-58259
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...
K000153161: Ansible Tower vulnerability CVE-2019-19340
Security Advisory Description A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmqenablemanager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...
CVE-2025-7616
A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthreadconddestroy of the component Public API. The manipulation leads to memory corruption. The exploit has been disclosed to the public and may be used...