40 matches found

Cvelist
added 2026/06/11 10:20 a.m. · 27 views

CVE-2026-7250 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...

CVSS 7.5 · EPSS 0.00635
Exploits 0 · References 3
Fedora
added 2026/05/10 2:55 a.m. · 32 views

[SECURITY] Fedora 44 Update: python-pulp-glue-0.37.0-5.fc44

pulp-glue is a library to ease the programmatic communication with the Pulp3 API. It helps to abstract different resource types with so called contexts and allows to build or even provides complex workflows like chunked upload or waiting on tasks. It is built around an openapi3 parser to provide...

CVSS 5.5 · AI score 5.8 · EPSS 0.00157
Exploits 0
CNNVD
added 2026/03/04 12:0 a.m. · 6 views

2N Access Commander Security Vulnerability

2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.2 contained security vulnerabilities. These vulnerabilities were due to improper validation of API endpoints, which could allow bypassing password policies that rely on backu...

CVSS 7.2 · AI score 5.8 · EPSS 0.00189
Exploits 0 · References 2
Veracode
added 2025/12/13 4:46 a.m. · 4 views

Cross-Site Request Forgery (CSRF)

Liferay Portal is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of requests in the Headless API endpoint parameter, which allows a remote attacker to execute arbitrary Headless API calls by crafting a malicious request...

CVSS 7 · AI score 6.1 · EPSS 0.00148
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-22863

Malware in sbrugna...

CVSS 5.3 · AI score 5.6 · EPSS 0.00883
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-4317

Malware in sbrugna...

CVSS 9.3 · AI score 7.6 · EPSS 0.02295
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-5577

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.01536
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-30272

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00371
Exploits 0 · References 2
RedhatCVE
added 2025/06/05 3:26 p.m. · 13 views

CVE-2025-25020

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input...

CVSS 6.5 · AI score 6.5 · EPSS 0.00348
Exploits 0 · References 1
Positive Technologies
added 2025/06/03 12:0 a.m. · 4 views

PT-2025-23635 · Ibm · Ibm Cloud Pak For Security +1

Name of the Vulnerable Software and Affected Versions: IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 Description: The issue allows an authenticated user to cause a denial of service due to improperly validating API dat...

CVSS 6.5 · AI score 6 · EPSS 0.00348
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 4:57 a.m. · 8 views

CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...

CVSS 4.3 · AI score 6.9 · EPSS 0.00243
Exploits 0 · References 1
Vulnrichment
added 2025/05/12 4:6 p.m. · 10 views

CVE-2025-46737 Origin Validation Error

SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources...

CVSS 7.4 · AI score 6.8 · EPSS 0.00147
Exploits 0 · References 1
Tenable Nessus
added 2025/05/07 12:0 a.m. · 3 views

Cisco Catalyst SD-WAN Manager Arbitrary File Creation (cisco-sa-sdwanarbfile-2zKhKZwJ)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an...

CVSS 6.5 · AI score 5.9 · EPSS 0.01246
Exploits 0 · References 3
Cvelist
added 2025/04/15 6:7 p.m. · 25 views

CVE-2024-42189 HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack

HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter...

CVSS 5.6 · EPSS 0.0024
Exploits 0 · References 1
Positive Technologies
added 2025/02/11 12:0 a.m. · 4 views

PT-2025-6191 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows uploading files to unexpected locations on the host using an API endpoint. This is due to a lack of validation in a field, which could potentially result in ways to...

CVSS 7.5 · AI score 6.1 · EPSS 0.00323
Exploits 0 · References 8
OSV
added 2024/09/19 6:15 a.m. · 5 views

CVE-2024-47085

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to...

CVSS 6.5 · AI score 5.8 · EPSS 0.0043
Exploits 0 · References 1
Positive Technologies
added 2023/10/30 12:0 a.m. · 3 views

PT-2023-28589 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.6.0-beta.2 Description: BigBlueButton is an open-source virtual classroom. The issue arises from the insertDocument API call not validating the given file extension before saving the file and not removing it ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00538
Exploits 0 · References 7
Vulnrichment
added 2023/06/16 8:59 a.m. · 8 views

CVE-2023-2791 Playbooks lets you edit arbitrary posts

When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post...

CVSS 4.3 · AI score 6.7 · EPSS 0.00402
Exploits 0 · References 1
The Hacker News
added 2022/12/22 10:9 a.m. · 56 views

Two New Security Flaws Reported in Ghost CMS Blogging Software

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, mos...

AI score 0.5 · EPSS 0.20196
Exploits 2
Github Security Blog
added 2022/11/28 10:6 p.m. · 33 views

ghost vulnerable to unauthorized newsletter modification via improper access controls

Impact: On sites where members is enabled (this is the default), it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their...

CVSS 9.6 · AI score 5.1 · EPSS 0.18914
Exploits 1 · References 5 · Affected Software 1