42 matches found
USN-8366-1 luanti vulnerabilities
It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...
BIT-JRE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...
CVE-2025-69691
PfSense Community Edition 2.8.0 is affected by CVE-2025-69691, an authenticated remote code execution via the XMLRPC API endpoint pfsense.exec_php. The vulnerability allows executing arbitrary PHP code as root after authenticating with Basic Auth (the PoC notes usage of admin:pfsense, and the XML...
CVE-2025-32991
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...
Parse Server's LiveQuery bypasses CLP pointer permission enforcement
Impact Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields. Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions,...
CVE-2026-20001 Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-1104
CVE-2026-1104 affects the FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress. The vulnerability is due to a missing capability check on REST API endpoints across all versions up to and including 2.7.1, enabling authenticated attackers with Contributor-level access and above t...
Arbitrary Command Injection
Overview org.apache.continuum:continuum is an Apache Continuum is an enterprise-ready continuous integration server with features such as automated builds, release management, role-based security, and integration with popular build tools and source control management systems. Affected versions of...
EUVD-2025-206362
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
PT-2025-52208
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
CVE-2025-40937
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited...
CVE-2025-61754
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Service API. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher...
CVE-2025-36351
IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...
IBM License Metric Tool 访问控制错误漏洞
The IBM License Metric Tool is a free tool from International Business Machines IBM that helps IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU licensing needs. An Access Control Error vulnerability exists in IBM License Metric Tool...
CVE-2025-20347 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
VulnCheck KEV: CVE-2025-34162
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input i...
CVE-2021-26614
iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command...
PT-2024-6327 · Veeam · Veeam Service Provider Console
Name of the Vulnerable Software and Affected Versions: Veeam Service Provider Console VSPC affected versions not specified Description: A code injection vulnerability allows a low-privileged user with REST API access to remotely upload arbitrary files to the VSPC server, leading to remote code...
PT-2024-3811 · Delinea · Delinea Pam Secret Server
Name of the Vulnerable Software and Affected Versions: Delinea Secret Server versions prior to 11.7.000001 Description: The issue is related to the use of a hardcoded key for encryption in the Delinea Secret Server, allowing a remote attacker to bypass the authentication procedure. This can be...
WordPress Plugin Maintenance Mode Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...