17 matches found
CVE-2026-21619 Unsafe Deserialization of Erlang Terms in hex_core
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...
EUVD-2025-206248
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows REST API modules. This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10...
EUVD-2025-24555
Malicious code in bioql PyPI...
CVE-2025-8916
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...
GHSA-67MF-3CR5-8W23 Bouncy Castle for Java on All (API modules) allows Excessive Allocation
A resource allocation vulnerability exists in Bouncy Castle for Java by Legion of the Bouncy Castle Inc. that affects all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issu...
CVE-2025-7672
CrossEditor4 (JiranSoft) is affected by CVE-2025-7672 due to an improper default setting in API modules that can lead to Stored XSS. Affected versions are 4.0.0.01 through 4.6.0.23; exploitation could persist malicious scripts in user contexts. The issue is documented across multiple sources, inc...
CVE-2025-7672 Stored-XSS possibility in Namo CrossEditor4
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...
CVE-2024-40601
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...
CVE-2024-40601
The CVE-2024-40601 entry concerns the MediaWikiChat extension for MediaWiki up to version 1.42.1, with a CSRF vulnerability in API modules. Affected component: MediaWikiChat extension (MediaWiki). Root cause stated: CSRF risk in API modules. Impact indicators from CVSS: integrity impact HIGH whil...
PT-2024-28937 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWikiChat extension for MediaWiki versions through 1.42.1 Description: An issue was discovered in the MediaWikiChat extension for MediaWiki, where CSRF can occur in API modules. Recommendations: For MediaWikiChat extension for MediaWiki...
CVE-2024-4018
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit local appliance api modules allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3...
CVE-2024-4018 Privilege Escalation in U-Series Appliance
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit local appliance api modules allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3...
CVE-2024-4018
CVE-2024-4018 is an improper privilege management vulnerability in BeyondTrust U-Series Appliance on Windows (64-bit local appliance API modules) that allows privilege escalation. Affected versions are from 3.4 up to, but not including, 4.0.3; the issue is mitigated by upgrading to 4.0.3 or later. The CVE’s docu...
com.redhat.rhevm.api:rhevm-api (>=0.1-milestone <=1.0-rc1.21), com.redhat.rhevm.api:rhevm-api-cli-actions (>=0.9-milestone1 <=0.9-milestone-4.4) +21 more potentially affected by CVE-2018-1051 via org.jboss.resteasy:resteasy-yaml-provider (>=2.0-RC1 <=3.0.24.Final)
org.jboss.resteasy:resteasy-yaml-provider MAVEN version =2.0-RC1, =0.1-milestone, =0.9-milestone1, =0.1-milestone, =0.1-milestone, =0.9-milestone1, =0.1-milestone, =0.1-milestone, =0.9-milestone1, =0.9-milestone3, =0.9-milestone1, =0.9-milestone1, =0.9-milestone3, =0.9-milestone1, =0.1-milestone,...
Updated mediawiki package fixes security vulnerabilities
Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader (CVE-2013-4301). Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP (CVE-2013-4302). An issue with the MediaWiki API in MediaWiki before 1.20.7 where ...