14 matches found
Security vulnerability in multiple WSO2 products
WSO2 API Manager and others are products of the American company WSO2. WSO2 API Manager is a suite of API lifecycle management solutions. WSO2 API Control Plane is a control panel. WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 produc...
CVE-2025-3653
Summary of CVE-2025-3653: Petlibro Smart Pet Feeder Platform (versions up to 1.7.31) suffers improper access control via device-control APIs. The vulnerability allows unauthorized manipulation by accepting arbitrary serial numbers without ownership verification, enabling an attacker to control a...
Security vulnerability in multiple WSO2 products
WSO2 Open Banking AM and others are products of WSO2, Inc. of the U.S.A. WSO2 Open Banking AM is an Open Banking Accelerator. WSO2 Open Banking IAM is an identity and access management solution for the Open Banking (OB) space. WSO2 Traffic Manager is a component for regulating and managi...
Security vulnerability in multiple WSO2 products
WSO2 API Manager is an API lifecycle management solution, WSO2 Identity Server (IS) is an identity server, and WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of output encoding on the authentication endpoint, which could le...
Security vulnerability in multiple WSO2 products
WSO2 API Manager and others are products of WSO2 Corporation, USA. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server (IS) is an identity server. WSO2 Enterprise Integrator is an open source hybrid integration platform. A security vulnerability exists i...
Security vulnerability in multiple WSO2 products
WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is a suite of API lifecycle management solutions. WSO2 Identity Server (IS) is an identity server. WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from an...
Security vulnerability in multiple WSO2 products
WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...
CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
CVE-2022-38730
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in...
Interactive `run` permission prompt spoofing via improper ANSI neutralization
Summary: Arbitrary program names without any ANSI filtering allow any malicious program to clear the first 2 lines of an `op_spawn_child` or `op_kill` prompt and replace it with any desired text. Details: The main entry point comes down to the ability to override what the API control says (`40_process.js`...
8x8 Bounty: connect.8x8.com: deactivated users remain access to /api/v1/users/UUID/roles
Vulnerability description not provided...
CVE-2022-24071
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...
API Portal: Introduction, Usage and Security Tips
As the name suggests, an API Portal is an intermediary used for connecting API suppliers and end-users. Situated on the company’s website, it’s a document featuring the key usages of API. While one tries to grasp the essence of API and its usage, knowing properly about API Portal is essential, as...
CVE-2018-6907
A Cross-Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...