88 matches found
CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
EUVD-2020-29639
Malware in sbrugna...
EUVD-2025-17087
Malicious code in bioql PyPI...
EUVD-2023-59669
Malicious code in bioql PyPI...
EUVD-2024-46875
Malicious code in bioql PyPI...
EUVD-2024-43465
Malicious code in bioql PyPI...
Radar 安全漏洞
Radar wind control engine is a lightweight real-time wind control engine by feihu.wang individual developers. A security vulnerability exists in Radar v1.0.8, which stems from improper access control and could lead to unauthorized access to sensitive APIs...
Exploit for Deserialization of Untrusted Data in Wazuh
CVE-2025-24016 Wazuh Remote Code Execution RCE - PoC 🚨 De...
CVE-2025-48904
Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48904
Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48904
Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48904
CVE-2025-48904 affects Huawei’s HarmonyOS family (noted with HarmonyOS 5.0.0 in CNVD/CNNVD). The issue is described as: cards can call unauthorized APIs in the FRS process, which can impact availability if exploited. The NVD entry documents a LOCAL, low-attack‑complexity vector with no privileges...
CVE-2023-47142
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...
CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...
CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...