SUSE CVE-2017-18915
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...
EUVD-2017-10006
Malware in sbrugna...
EUVD-2025-22957
Malicious code in bioql PyPI...
EUVD-2022-42278
Malicious code in bioql PyPI...
EUVD-2024-24977
Malicious code in bioql PyPI...
EUVD-2025-22954
Malicious code in bioql PyPI...
CVE-2025-51308
CVE-2025-51308 affects Gatling Enterprise, versions below 1.25.0. A low-privileged user without the admin role can issue REST API calls to read-only endpoints and collect information due to missing authorization checks. The issue is described as unauthorized access to information via read-only en...
CVE-2025-54766
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...
CVE-2025-54768
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information...
CVE-2025-54765
CVE-2025-54765 concerns XorMon-NG from Xorux. Affected: version 1.8 and earlier. An API endpoint that should be restricted to web app administrators is accessible to lower-level read-only users, enabling import of appliance configuration and potentially granting administrative privileges. The vul...
PT-2025-31155 · Xorux · Xormon-Ng
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An API endpoint intended for web application administrators is accessible to lower-level read-only users. This allows unauthorized export of the appliance...
GHSA-24CH-W38V-XMH8 Juju zip slip vulnerability via authenticated endpoint
Impact: Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to...
PT-2025-27015
Name of the Vulnerable Software and Affected Versions: UTT HiPER 840G versions up to 3.1.1-190328 Description: A critical issue affects the strcpy function of the /goform/setSysAdm file in the API component. The manipulation of the passwd1 argument leads to buffer overflow, allowing remote attack...
PT-2025-24383 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi Description: A critical vulnerability was found in the Tenda AC15 router, specifically affecting the formSetPPTPUserList function of the /goform/setPptpUserList file in the HTTP POST Request Handler...
PT-2025-23169 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.12; Mattermost versions 10.5.x through 10.5.3; Mattermost versions 10.6.x through 10.6.2; Mattermost versions 10.7.x through 10.7.0. Description: The issue is related to the improper validation of permissio...
PT-2025-23022 · Sscms · Sscms
Name of the Vulnerable Software and Affected Versions: SSCMS version 7.3.1 Description: The issue allows attackers to read arbitrary files by sending a crafted GET request to the "/cms/templates/templatesAssetsEditor" API endpoint, exploiting a flaw in the ReadTextAsynchronous function...
CVE-2025-48741
CVE-2025-48741 affects StrangeBee TheHive. A Broken Access Control flaw allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks via a specific API endpoint. Affected ranges and fixes: 5.2.0–5.2.15 → upgrade to 5.2.16+, 5.3.0–5.3.10 → upgrade to ...
PT-2025-22638 · Cyberdava · Cyberdava
Name of the Vulnerable Software and Affected Versions: CyberDAVA versions prior to 1.1.20 Description: A privilege escalation issue allows a low-privileged user to escalate their privilege by abusing the API endpoint "/api/v2/users/user//role/ROLE/" due to the lack of access control, potentially...
CVE-2025-4430 Unauthorized file manipulation in EZD RP
Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation. This issue affects EZD RP in versions before 20.19 published on 22nd August 2024...
PT-2025-19923 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in MRCMS, classified as problematic, affecting an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has...