CVE-2025-36351 IBM License Metric Tool bypass security

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...

CVE-2025-56449

Obsidian Scheduler REST API 5.0.0–6.3.0 is affected. The root cause is that accounts locked out due to MFA enforcement can still authenticate via Basic Authentication for administrative actions, allowing creation of a new privileged user and bypassing MFA protections. The issue affects the REST A...

Vasion Print Virtual Appliance Host 安全漏洞

Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1026 that originates from an unauthenticated REST API endpoint exposing configuration files and plaintext passwords,...

CVE-2025-10948

CVE-2025-10948 affects MikroTik RouterOS 7, specifically the parse_json_element function in the libjson.so component used by /rest/ip/address/print. The issue is a remote-exploitable buffer overflow reported in multiple feeds, with public disclosure of the exploit. The vulnerability is stated to ...

PT-2025-39083

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.112 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.7 Liferay Portal versions 7.4 GA through update 92 Description The Batch Engine does not correctly...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

WordPress Password Reset with Code plugin < 0.0.17 - Insecure Password Reset Code Creation vulnerability

Insecure Password Reset Code Creation vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Password Reset with Code for WordPress REST API versions 0.0.17...

CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

PT-2025-38299

Name of the Vulnerable Software and Affected Versions Password Reset with Code for WordPress REST API plugin versions prior to 0.0.17 Description The plugin does not employ cryptographically secure algorithms for generating One-Time Password OTP codes, which could allow for account takeovers...

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface CLI, and the REST API of the Nexus Dashboard. These vulnerabilities can ...

Linux Distros Unpatched Vulnerability : CVE-2022-48317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session...

Linux Distros Unpatched Vulnerability : CVE-2022-48318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosu...

CVE-2025-55739

api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

CVE-2025-55739

api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

Linux Distros Unpatched Vulnerability : CVE-2017-14868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request...

PT-2025-35781

Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 322.v22f4db 18e2dd and earlier Description: The Jenkins global-build-stats Plugin does not perform permission checks in its REST API endpoints. Attackers with Overall/Read permission can enumerate...

CVE-2025-5662

A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

CVE-2025-5662 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

Linux Distros Unpatched Vulnerability : CVE-2024-38865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows...