6 matches found
PT-2025-30941 · Hax Cms +1 · Hax Cms +2
Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.8 and below haxcms-php HAX CMS versions 11.0.13 and below haxcms-nodejs. Description: The HAX CMS API endpoints do not perform authorization checks when interacting with resources. Both the JavaScript and PHP versions of...
ROS-20250616-22
A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. A vulnerability...
CVE-2023-6202
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards...
CVE-2025-3471
CVE-2025-3471 concerns the SureForms WordPress plugin, prior to version 1.4.4. The root cause is an insufficient authorisation check when updating plugin settings via the REST API, potentially allowing a user with Contributor or higher privileges to perform settings updates. Public details across...
CVE-2025-26523
This vulnerability exists in the RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other...
PT-2025-5705 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE (affected versions not specified). Description: A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and...