PT-2025-52455

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

CVE-2025-66906

Summary: CVE-2025-66906 is a CSRF vulnerability affecting Turms Admin API up to v0.10.0-SNAPSHOT, enabling attackers to gain escalated privileges. Affected software: Turms Admin API (Turms project), version range up to 0.10.0-SNAPSHOT. Vulnerability details: Cross Site Request Forgery; root cause...

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

CVE-2025-59302

In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

EUVD-2025-197655

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

CVE-2025-63551

A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

EUVD-2021-1993

Malware in sbrugna...

EUVD-2018-9995

Malware in sbrugna...

EUVD-2021-0581

Malware in sbrugna...

EUVD-2017-7993

Malware in sbrugna...

EUVD-2020-3402

Malware in sbrugna...

EUVD-2020-0607

Malware in sbrugna...

EUVD-2018-4383

Malware in sbrugna...

EUVD-2020-3025

Malware in sbrugna...

EUVD-2025-32450

A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...

CVE-2025-11288 CRMEB GET Parameter product sql injection

A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...

EUVD-2022-34216

Malicious code in bioql PyPI...

EUVD-2022-6691

Malicious code in bioql PyPI...