PT-2026-1522

Name of the Vulnerable Software and Affected Versions Progress MOVEit Transfer versions 2022.0.0 through 2022.0.10 Progress MOVEit Transfer versions 2022.1.0 through 2022.1.11 Progress MOVEit Transfer versions 2023.0.0 through 2023.0.8 Progress MOVEit Transfer versions 2023.1.0 through 2023.1.3...

PostgREST API Server Detected

PostgREST is a standalone web server that turns your PostgreSQL database directly into a RESTful API. By default, PostgREST does not implement any authentication or access control mechanisms, which can lead to unauthorized access to sensitive data if the server is exposed to untrusted networks...

CVE-2025-14072

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...

WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-1023

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.19.0 Description Signal K Server is a server application used in marine environments. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API...

PT-2026-25819

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances, a system cross-platform monitoring tool, had insufficient host validation in its main REST/WebUI FastAPI application prior to version 4.5.2. This allowed the REST API, WebUI, and token...

PT-2025-54282

Name of the Vulnerable Software and Affected Versions Knowband Mobile App Builder WordPress plugin versions prior to 3.0.0 Description The plugin lacks proper authorization checks when deleting users through its REST API. This allows unauthenticated attackers to delete any user. The vulnerable AP...

CVE-2018-25137 FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

CVE-2025-14043 Tainacan <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the createitempermissionscheck function unconditionally returning true, which bypasses authentication and...

CVE-2025-12980

CVE-2025-12980 affects the WordPress plugin Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX . The vulnerability is a Missing Authorization to Unauthenticated Sensitive Information Exposure via the REST endpoint /ultp/v2/get_dynamic_content/ in all versions up to 5.0.3, enabl...

CVE-2025-64997

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

UBUNTU-CVE-2025-64997

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

CVE-2025-64997 Insufficient permission validation when showing agent information

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

CVE-2025-64997

CVE-2025-64997 pertains to Checkmk where insufficient permission validation in REST API endpoints can let low-privileged users view agent information, leading to information disclosure. The issue affects Checkmk versions prior to 2.4.0p17 and prior to 2.3.0p42. The Red Hat, Ubuntu, OSV, CNA/CVE r...

Release Information for Veeam Backup for Microsoft 365 8.3

More Recent Version Available Please find the latest version of Veeam Backup for Microsoft 365 here: Veeam Downloads - Latest Version Build Numbers and Versions of Veeam Backup for Microsoft 365 Requirements This release can be used to: upgrade an existing v7, v8, v8.1, or v8.2 deployment of Veea...

WuppieFuzz: Coverage-Guided, Stateful REST API Fuzzing

Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk resulting from exposed endpoints, thorough testing is...

CVE-2025-14156

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the /fox-lms/v1/payments/create-order REST API endpoint...

CVE-2025-12809 dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

EUVD-2025-203498

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...

CVE-2025-13950

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...