4930 matches found
CVE-2025-6227
Summary: CVE-2025-6227 affects Mattermost Server versions 10.5.x (<= 10.5.7) and 9.11.x (
PT-2025-30028 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.7; Mattermost versions 9.11.x through 9.11.16. Description: Mattermost fails to negotiate a new token when accepting an invite. This allows a user who intercepts both the invite and the password to send...
Cisco Prime Infrastructure SQLi (cisco-sa-piepnm-bsi-25JJqsbb)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.6.2. It is, therefore, affected by a vulnerability. A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated,...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302 Stop User Enumeration < 1.7.3 - Protection Bypass
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
PT-2025-29904
Name of the Vulnerable Software and Affected Versions: Stop User Enumeration WordPress plugin versions prior to 1.7.3. Description: The Stop User Enumeration WordPress plugin blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. This protection can be bypassed by URL-encoding the...
CVE-2025-20272
CVE-2025-20272: Affects a subset of REST APIs in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). An authenticated, low-privilege remote attacker could exploit insufficient input validation to perform a blind SQL injection, potentially viewing data from database ...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 - F5 BIG-IP iControl REST Authentication Bypass...
WordPress Sharable Password Protected Posts Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Sharable Password Protected Posts, which stems from the REST API exposing a key that can be exploited by an...
CVE-2025-34101 Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to...
Exploit for CVE-2024-25600
Bricks Builder RCE Exploit CVE-2024-25600 This project cont...
PT-2025-28896 · IBM · IBM OpenPages
Name of the Vulnerable Software and Affected Versions: IBM OpenPages version 9.0. Description: IBM OpenPages 9.0 is susceptible to the disclosure of sensitive information. This is due to insufficient security measures implemented for specific REST API endpoints associated with the workflow...
CVE-2025-5920
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...
CVE-2025-5920 Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...
CVE-2025-5920
CVE-2025-5920 affects the WordPress plugin Sharable Password Protected Posts (versions
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
UBUNTU-CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
Exploit for Server-Side Request Forgery in Apache Kafka
Disclaimer: The vulnerabilities described in this article and...