EUVD-2026-24601

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

CVE-2026-6834

Technical details about CVE-2026-6834 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are detailed here; monitor for updates.

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

PT-2026-34247

CVE-2026-6834 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specif… https://t.co/30wrzM11aW...

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

CVE-2019-20520

ERPNext 11.1.47 allows reflected XSS via the PATHINFO to the api/method/ URI...

EUVD-2014-8877

Malware in sbrugna...

EUVD-2016-6355

Malware in sbrugna...

EUVD-2019-11064

Malware in sbrugna...

EUVD-2025-2571

Malicious code in bioql PyPI...

EUVD-2023-0160

Malicious code in bioql PyPI...

EUVD-2023-27402

Malicious code in bioql PyPI...

EUVD-2025-28267

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVE-2022-48433

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server...

BIT-MLFLOW-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

Path Traversal in TYPO3 Core

Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence...

PT-2024-40301 · Packagist · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A security issue exists due to a too loose type check in an API method. This allows attackers to bypass the directory traversal check by providing an invalid UTF-8 encoding sequence...

CVE-2023-6910 Uncontrolled Resource Consumption in M-Files Server

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...