4929 matches found
CVE-2025-12137
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
CVE-2025-12180 Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update
The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...
CVE-2025-46363
Dell Secure Connect Gateway SCG 5.0 Application and Appliance versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API if this REST API is enabled by Admin user from UI. A low privileged attacker with remote...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4440 more potentially affected by CVE-2025-62727 via starlette (>=0.10.1 <=0.49.0)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2025-62727 Source advisory: SNYK:PYTHON-STARLETTE-13733964...
CVE-2025-62979
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data. This issue affects ACF to REST API: from n/a through <= 3.3.4...
CVE-2023-37749
Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization...
CVE-2025-62979
CVE-2025-62979 concerns WordPress plugin ACF to REST API (versions <= 3.3.4). Multiple sources describe an information disclosure vulnerability causing retrieval of embedded sensitive data via the REST API. The affected product is the WordPress ACF to REST API plugin; sources consistently refe...
CVE-2025-62979 WordPress ACF to REST API plugin <= 3.3.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data. This issue affects ACF to REST API: from n/a through <= 3.3.4...
CVE-2025-12136
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
Security Bulletin: IBM MQ is affected by a denial of service vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-48976)
Summary: IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality. CVE-2025-48976. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36047)
Summary: A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. CVE-2025-36047. Vulnerability Details: CVEID: CVE-2025-36047. DESCRIPTION: IBM WebSphere Application Server...
Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36732)
Summary: A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. CVE-2025-36732. Vulnerability Details: CVEID: CVE-2020-36732. DESCRIPTION: The crypto-js package before 3.2.1 fo...
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
CVE-2025-47410
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
CVE-2025-47410 Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
EUVD-2025-34753
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaini...
CVE-2025-10611
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaini...
CVE-2025-10611
CVE-2025-10611 describes an insufficient access-control implementation across multiple WSO2 Products, allowing bypass of authentication and authorization checks on certain REST APIs. This could let an unauthenticated actor invoke APIs and perform unauthenticated/unauthorized administrative operat...
CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...