33 matches found
CVE-2026-13019
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...
CVE-2026-13019
Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...
CVE-2019-18980
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...
Mars: Sensitive information exposed at [███] via /export_panelists_to_xlsx endpoint
A vulnerability was identified that allowed unauthorized access to personally identifiable information through an unprotected API endpoint. The vulnerability exposed user email addresses and telephone numbers. The issue was classified under CWE-312 with a CVSS score of 6.1. The vulnerability was...
EUVD-2019-8640
Malware in sbrugna...
EUVD-2017-9760
Malware in sbrugna...
EUVD-2018-7529
Malware in sbrugna...
EUVD-2025-11135
Malicious code in bioql PyPI...
CVE-2025-10867
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...
CVE-2025-10867 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...
CVE-2023-28645
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
CVE-2017-18669
An issue was discovered on Samsung mobile devices with N7.x software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 June 2017...
CVE-2025-27927
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927
CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...