23 matches found

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

SiYuan Security Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...

8.8 CVSS | 7.4 AI score | 0.00068 EPSS
Exploits: 1 | References: 2

OSV
added 2026/02/09 7:50 p.m. | 3 views

CVE-2026-25497 Craft has a GraphQL Asset Mutation Privilege Escalation

Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their...

8.6 CVSS | 5.7 AI score | 0.00021 EPSS
Exploits: 0 | References: 5

NVD
added 2026/02/03 2:16 a.m. | 4 views

CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

6.9 CVSS | 0.00101 EPSS
Exploits: 0 | References: 1

OSV
added 2026/02/03 2:16 a.m. | 0 views

UBUNTU-CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

6.9 CVSS | 5.8 AI score | 0.00101 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/03 1:23 a.m. | 3 views

CVE-2025-67480 list=allrevisions can be used to bypass Extension:Lockdown

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

5.3 AI score | 0.00059 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/02/03 12:46 a.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

6.3 CVSS | 5.6 AI score | 0.00008 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/02/02 11:50 p.m. | 3 views

Information Exposure

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the BlockListPager and...

3.4 CVSS | 5.6 AI score | 0.00031 EPSS
Exploits: 0 | References: 2

NVD
added 2026/02/02 11:16 p.m. | 2 views

CVE-2025-6927

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

2.3 CVSS | 0.00031 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/02 10:55 p.m. | 3 views

CVE-2025-6927

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

2.3 CVSS | 5.3 AI score | 0.00031 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/02 10:55 p.m. | 24 views

CVE-2025-6927

CVE-2025-6927 affects Wikimedia Foundation MediaWiki components BlockListPager.Php and ApiQueryBlocks.Php, enabling information exposure via autoblocks/global suppressions. Affected versions include MediaWiki core releases 1.42.x prior to 1.39.13, 1.42.7–1.43.2, and 1.44.0; remediation is to upgr...

2.3 CVSS | 5.3 AI score | 0.00031 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-11088

Malicious code in bioql PyPI...

6.9 CVSS | 6.6 AI score | 0.00761 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-9356

Malicious code in bioql PyPI...

5.3 CVSS | 5.4 AI score | 0.00143 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/06/12 2:56 p.m. | 25 views

CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...

9.3 CVSS | 0.01603 EPSS
Exploits: 0 | References: 3

OSV
added 2025/04/15 9:15 p.m. | 0 views

CVE-2025-24487

An unauthenticated attacker can infer the existence of usernames in the system by querying an API...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 1

CVE
added 2025/04/15 8:17 p.m. | 52 views

CVE-2025-31933

CVE-2025-31933 affects Growatt Cloud Applications. An unauthenticated attacker can enumerate usernames by querying an API; CNNVD cites affected versions 3.6.0 and earlier. The issue originates from unauthenticated access to a username list via the API. Red Hat and NVD entries corroborate the basi...

6.9 CVSS | 5.4 AI score | 0.00761 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/04/15 8:17 p.m. | 18 views

CVE-2025-31933 Growatt Cloud Applications Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can check the existence of usernames in the system by querying an API...

6.9 CVSS | 0.00761 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/04/15 12:0 a.m. | 3 views

PT-2025-16392

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An unauthenticated attacker can check the existence of usernames in the system by querying an API. Recommendations At the moment, there is no information about a newer version that contains a...

6.9 CVSS | 6.5 AI score | 0.00761 EPSS
Exploits: 0 | References: 6

Citrix
added 2023/08/23 12:0 a.m. | 10 views

How generate a Citrix Cloud bearer token and use it on a PowerShell API query

This article outlines the steps to generate a Citrix Cloud bearer token and use it on a PowerShell API query...

7 AI score
Exploits: 0

OSV
added 2023/01/18 5:15 p.m. | 1 views

DEBIAN-CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9 CVSS | 6.1 AI score | 0.00206 EPSS
Exploits: 0 | References: 1

CNVD
added 2021/05/06 12:0 a.m. | 9 views

GitLab Input Validation Error Vulnerability (CNVD-2021-34555)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...

5.3 CVSS | 6.3 AI score | 0.00143 EPSS
Exploits: 0 | References: 1