CVE-2025-6894

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative ping function, which is restricted ...

CVE-2025-6894

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative ping function, which is restricted ...

Moxa多款产品 安全漏洞

MOXA EDF-G1002-BP Series and so on are products of Moxa China.MOXA EDF-G1002-BP Series is a series of industrial-grade local area network LAN firewalls.Moxa EDR-8010 Series and so on are products of Moxa Taiwan.Moxa EDR-8010 Series is a series of secure routers.Moxa EDR-G9010 Series is a series o...

EUVD-2020-5544

Malware in sbrugna...

EUVD-2021-22850

Malware in sbrugna...

EUVD-2024-43282

Malicious code in bioql PyPI...

EUVD-2022-25997

Malicious code in bioql PyPI...

EUVD-2023-55703

Malicious code in bioql PyPI...

CVE-2025-53910

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

PT-2025-30941 · Hax Cms +1 · Hax Cms +2

Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.8 and below haxcms-php HAX CMS versions 11.0.13 and below haxcms-nodejs Description: The HAX CMS API endpoints do not perform authorization checks when interacting with resources. Both the JavaScript and PHP versions of...

CVE-2025-34140

CVE-2025-34140 affects ETQ Reliance (CG/NXG platforms). An authorization bypass allows unauthenticated access to limited sensitive resources by appending a localized-text URI suffix to API endpoints. Root cause: misconfiguration in API authorization logic; fix implemented in SE.2025.1 and 2025.1....

Security Bulletin: RabbitMQ HTTP API Authorization Bypass Allows Unauthorized Queue Deletion

Summary RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host...

ROS-20250616-22

A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...

SICK Field Analytics和SICK Media Server 安全漏洞

SICK Field Analytics and SICK Media Server are both products of SICK GmbH, Germany.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a lack of...

GO-2025-3742 Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana

Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

Authorino Uncontrolled Resource Consumption vulnerability

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

CVE-2024-49209

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons...

CVE-2023-6202

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...

CVE-2023-5454

The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...

CVE-2021-36230

HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1...