875 matches found
CVE-2025-0190 Denial of Service in aimhubio/aim
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
CVE-2025-0190
CVE-2025-0190 affects the Aim web server in the aimhubio/aim package (version 3.25.0). The underlying issue is an excessive data query operation: tracking a large number of Text objects and then querying them simultaneously via the web API can cause the server to become unresponsive to other requ...
DB-GPT SQL Injection Vulnerability
DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. DB-GPT version v0.6.0 suffers from a SQL injection vulnerability that originates from the web API endpoint POST /api/v1/editor/sql/run, which allows execution of arbitrary SQL queries and can be...
Synology DiskStation Manager (DSM) and Synology BeeStation Manager Security Vulnerability
Synology DiskStation Manager (DSM) and Synology BeeStation Manager are both products of China-based Synology Corporation. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). The operating system manages information such as data, files, photos, music, etc...
[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40
A lightweight Python library for the Spotify Web API...
[SECURITY] Fedora 41 Update: python-spotipy-2.25.1-1.fc41
A lightweight Python library for the Spotify Web API...
Spotipy Security Vulnerability
Spotipy is a lightweight Python library for the Spotify Web API maintained by the individual developer spotipy-dev. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...
CVE-2025-20075
CVE-2025-20075 describes a Server-Side Request Forgery (SSRF) in FileMegane by JIP InfoBridge. Affected versions are above 3.0.0.0 and below 3.4.0.0; the issue allows executing arbitrary backend Web API requests, with potential for rebooting services. Root cause is SSRF in FileMegane’s handling o...
CVE-2025-20075
Server-side request forgery SSRF vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services...
CVE-2024-33504
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability CWE-321 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...
CVE-2024-46890
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code...
CVE-2024-53829
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
PYSEC-2025-12
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CodeChecker Cross-Site Request Forgery Vulnerability
CodeChecker is an open source Clang Static Analyzer and Clang Tidy analysis tool, defect database and viewer extension from Ericsson. A security vulnerability exists in CodeChecker versions prior to 6.24.5 that stems from the presence of a cross-site request forgery vulnerability that allows an...
PT-2025-2984
Name of the Vulnerable Software and Affected Versions CodeChecker versions through 6.24.4 Description Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged-in user and use the web API with the same permissions, including adding, removing, or editin...
Deserialization of Untrusted Data
Overview rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by loading a maliciously crafted model in...
Deserialization of Untrusted Data
Overview rasa is an Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants Affected versions of this package are vulnerable to Deserialization of Untrusted Data b...
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings resid...