EUVD-2024-46960

Malicious code in bioql PyPI...

EUVD-2024-2415

Malicious code in bioql PyPI...

CVE-2025-57446

An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service DoS via a crafted request to the Subscription Manager API component...

WordPress B Slider plugin server-side request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress B Slider plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function not implementing an adequate validation mechanis...

CVE-2025-8680

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fsapirequest function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to...

CVE-2025-8680

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fsapirequest function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to...

CVE-2025-8680 B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fsapirequest function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to...

WordPress plugin B Slider 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress B Slider plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function not implementing an adequate validation mechanis...

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

CVE-2025-29556

ExaGrid EX10 vulnerable to Incorrect Access Control (CVE-2025-29556) in versions 6.3–7.0.1.P08. A flaw in the account creation flow allows an Admin to bypass restrictions via API request manipulation, enabling creation of Security Officer accounts without prior approval. Attack scenario: an Admin...

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

Cisco Identity Services Engine Injection Vulnerability

Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an...

Cisco Identity Services Engine Injection Vulnerability

Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an...

CVE-2025-54134

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

CVE-2025-54134

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

Cisco ISE和Cisco ISE-PIC 注入漏洞

Cisco ISE and Cisco ISE-PIC are both products of the U.S. Cisco Cisco.Cisco ISE is the identity services engine introduced by Cisco, mainly used for network access control and security management.Cisco ISE-PIC is the passive identity connector of the Cisco Identity Services Engine, which is mainl...

CVE-2025-7204

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...

CVE-2025-3396

An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...