
33 matches found

UbuntuCve
added 2026/04/23 1:16 p.m.

CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVSS 4.7 · AI score 5.8 · EPSS 0.00033 · Exploits: 0 · References: 1
OSV
added 2025/10/30 8:15 p.m.

CVE-2025-8850

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS 8.8 · AI score 6.9 · Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2019-6508

Malware in sbrugna...

CVSS 5.3 · AI score 4.9 · EPSS 0.00666 · Exploits: 0 · References: 4
Spring Engineering
added 2025/10/07 12:00 a.m.

This Week in Spring - October 7th, 2025

Hi, Spring fans! How're you doing this fantastic October afternoon? I'm on a train returning from Frankfurt, Germany, where I spoke at the Cloud Foundry Day Frankfurt event about how awesome it is to build an application with Spring Boot and Cloud Foundry. Yesterday I was in Antwerp, Belgium, and...

AI score 7.2 · Exploits: 0
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-46977

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00337 · Exploits: 3 · References: 2
RedhatCVE
added 2025/05/23 12:09 a.m.

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab...

CVSS 6.5 · AI score 7.4 · EPSS 0.00337 · Exploits: 3 · References: 1
UbuntuCve
added 2024/04/28 1:15 p.m.

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled. In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f "net_sched:...

CVSS 5.5 · AI score 6.2 · EPSS 0.00011 · Exploits: 0 · References: 7
Cvelist
added 2024/04/28 1:00 p.m.

CVE-2022-48644 net/sched: taprio: avoid disabling offload when it was never enabled

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled. In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f "net_sched:...

AI score 6.4 · EPSS 0.00011 · Exploits: 0 · References: 5
OSV
added 2023/06/27 12:00 a.m.

ALSA-2023:3840 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVSS 5.5 · AI score 7.5 · EPSS 0.00031 · Exploits: 1 · References: 4
Prion
added 2022/12/25 5:15 a.m.

Design/Logic Flaw

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab...

CVSS 4 · AI score 6.7 · EPSS 0.00337 · Exploits: 3 · References: 1 · Affected Software: 1
Cvelist
added 2022/12/25 12:00 a.m.

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab...

AI score 6.9 · EPSS 0.00337 · Exploits: 3 · References: 1
CVE
added 2022/12/25 12:00 a.m.

CVE-2022-44014

Summary: CVE-2022-44014 affects Simmeth Lieferantenmanager (pre-5.6). The API design flaw in /DS/LM_API/api/SelectionService/GetPaggedTab allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes. The issue originates from the API’s access control/validation, enabli...

CVSS 6.5 · AI score 6.9 · EPSS 0.00337 · Exploits: 3 · References: 1 · Affected Software: 1
Packet Storm
added 2022/11/15 12:00 a.m.

Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass

SEC Consult Vulnerability Lab Security Advisory
title: Multiple Critical Vulnerabilities
product: Simmeth System GmbH Supplier Manager (Lieferantenmanager)
vulnerable version: before 5.6
fixed version: 5.6
CVE number: CVE-2022-44012, ...

AI score 0.7 · EPSS 0.00857 · Exploits: 8
AlmaLinux
added 2021/05/18 5:34 a.m.

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVSS 2.1 · AI score 0.8 · EPSS 0.00076 · Exploits: 2 · References: 2
NVD
added 2020/12/30 9:15 p.m.

CVE-2019-15523

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function. It neglects to call this function again, as required by the design of the API...

CVSS 5.3 · AI score 5.6 · EPSS 0.00666 · Exploits: 0 · References: 2
Debian CVE
added 2020/12/30 8:04 p.m.

CVE-2019-15523

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function. It neglects to call this function again, as required by the design of the API...

CVSS 5.3 · AI score 4.5 · EPSS 0.00666 · Exploits: 0
Filippo.io
added 2019/07/18 5:04 a.m.

Efficient Go APIs with the mid-stack inliner

A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one that became possible in Go 1.12 with the introduction of the mid-stack inliner. Returning a fresh slice The most natural approach is to return a fresh byte slice, like...

Exploits: 0
Fedora
added 2017/07/16 8:23 p.m.

[SECURITY] Fedora 26 Update: sqlite-3.19.3-1.fc26

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVSS 9.8 · AI score 1.6 · EPSS 0.13108 · Exploits: 0
Tenable Nessus
added 2017/03/06 12:00 a.m.

FreeBSD : ikiwiki -- multiple vulnerabilities (5ed094a0-0150-11e7-ae1b-002590263bf5)

Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...

CVSS 7.5 · AI score 7 · EPSS 0.00262 · Exploits: 0 · References: 6
FreeBSD
added 2016/12/19 12:00 a.m.

ikiwiki -- multiple vulnerabilities

Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...

CVSS 7.5 · AI score 7.1 · EPSS 0.01104 · Exploits: 0 · References: 2