CVE-2022-42849

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges...

EUVD-2023-3250

Malicious code in bioql PyPI...

EUVD-2025-8232

Malicious code in bioql PyPI...

CVE-2025-4128

Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

PT-2025-19771 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions 12.31.0 through 2025.4.0 Description: The issue is related to missing validation in Mk:api, which allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. This is achieved by...

Suspended Directus user can continue to use session token to access API

Summary Since the user status is not checked when verifying a session token a suspended user can use the token generated in session auth mode to access the API despite their status. Details There is a check missing in verifySessionJWT to verify that a user is actually still active and allowed to...

CVE-2024-1539

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...

USN-7254-1 openjdk-21 vulnerability

It was discovered that the Hotspot component of OpenJDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information...

CVE-2024-12108 WhatsUp Gold - Public API signing key rotation issue

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API...

CVE-2024-8256

CVE-2024-8256 affects Teltonika Networks RUTOS and TSWOS devices due to incorrect permission handling in the API, enabling a lower-privileged user with default permissions to access critical device resources. Affected: RUTOS versions 7.0–7.7/7.8 exclusion (per PT-2024-38894 and CVE docs) and TSWO...

CVE-2024-33666

An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents...

SUSE-SU-2017:1233-1 Security update for openstack-magnum

This update for openstack-magnum fixes the following issues: Security issues fixed: - CVE-2016-7404: Magnum created instances have full API access to creating user's OpenStack account bsc998182. Bugfixes: - Fixed exception for InvalidParameterValue. - Updated patches have been tested against...