69 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-40104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from...
EUVD-2013-4238
Malware in sbrugna...
EUVD-2023-29654
Malicious code in bioql PyPI...
EUVD-2023-27402
Malicious code in bioql PyPI...
EUVD-2022-39797
Malicious code in bioql PyPI...
API Versioning in Spring
In this 2nd blog post of the Road to GA series highlighting major features within the Spring portfolio for the next major versions to be released in November, I’m going to focus on the upcoming API Versioning support in Spring Framework 7. Introduction API versioning is a challenging topic. Most...
CVE-2025-59363
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 even though this secret should only be returned when an App is first created,...
Malicious code in @epc-apps/api-version-test (npm)
The package @epc-apps/api-version-test was found to contain malicious code...
CVE-2025-29629
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 uses weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits...
Cadwyn 跨站脚本漏洞
Cadwyn is an API version control application by the individual developer Stanislav Zmiev. A cross-site scripting vulnerability exists in Cadwyn 5.4.3 and earlier versions, which stems from insufficient validation of the /docs endpoint version parameter input and could lead to a reflective...
MAL-2025-5316 Malicious code in plugin-api-version (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4f1500b9b02566e5be415a195e434461c5dc160084330f80c8eb4c726a2563b The OpenSSF Package Analysis project identified 'plugin-api-version' ...
Malicious code in plugin-api-version (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4f1500b9b02566e5be415a195e434461c5dc160084330f80c8eb4c726a2563b The OpenSSF Package Analysis project identified 'plugin-api-version' ...
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...
CVE-2025-32896
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
CVE-2023-42284
Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...
CVE-2017-11667
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session...
Denial of Service (DoS)
Overview hyperlpr3 is a vehicle license plate recognition. Affected versions of this package are vulnerable to Denial of Service DoS through the /api/v1/rec endpoint. An attacker can cause the server to consume excessive resources and become unavailable by appending characters, such as dashes -, ...
CVE-2024-42179
HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version...
GHSA-VXCF-C7MX-PG53 Build corruption when using `PYO3_CONFIG_FILE` environment variable
In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...
CVE-2023-42284
Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...