CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

EUVD-2017-9980

Malware in sbrugna...

EUVD-2021-6852

Malicious code in bioql PyPI...

CVE-2025-6168 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...

CVE-2024-25582

Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social...

Mattermost Permission Issues Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to view group information via an API request...

Ivanti Endpoint Manager Mobile Code Execution Vulnerability

Ivanti Endpoint Manager Mobile EPMM is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. A code execution vulnerability...

Mattermost Fails to Verify User's Permissions When Accessing Groups

Mattermost versions 10.5.x = 10.5.2, 9.11.x = 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...

CVE-2023-40723

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2...

CVE-2024-1222

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls...

Cisco Data Center Network Manager Certificate Validation Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A certificate validation vulnerability exists in Cisco Data Center Network Manager...