CVE-2013-4859
INSTEON Hub 2242-222 lacks Web and API authentication...
PT-2025-21990 · Unknown · Easyvirt Dc Netscope
Name of the Vulnerable Software and Affected Versions: EasyVirt DC NetScope versions 8.7.0 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary code. This can be achieved via several parameters, including the lang parameter to...
CVE-2025-3446
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper validation of team invite permissions. An attacker can bypass access restrictions by exploiting the API to add unauthorized guest users to a team. Note: This is only exploitable if the attacker is...
PT-2025-21325 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.2 Mattermost versions 9.11.x through 9.11.11 Description: The issue is related to improper verification of a user's permissions when accessing groups. This allows an attacker to view group information v...
Privilege Escalation
github.com/kyverno/kyverno is vulnerable to Privilege Escalation. The vulnerability is due to missing error propagation in the GetNamespaceSelectorsFromNamespaceLister function, which causes policy rules with namespace selectors to be skipped during admission review processing and allows an attacker...
CVE-2025-4427 Authentication Bypass
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API...
CVE-2025-46737
SEL-5037 Grid Configurator contains an overly permissive Cross-Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources...
PT-2025-25202 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.4 Mattermost versions 9.11.x through 9.11.13 Description: The issue allows guest users to bypass permissions and view information about public teams they are not members of via a direct API call to...
Wazuh Server 4.4.0 < 4.9.1 RCE
The version of Wazuh Server on the remote host is at least 4.4.0 and prior to 4.9.1. It is, therefore, affected by a remote code execution vulnerability: - Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh...
CVE-2025-47419 Non-Secure Access
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from...
PT-2025-19990 · Crestron · Crestron Automate Vx
Name of the Vulnerable Software and Affected Versions: Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49 Description: The issue allows for the cleartext transmission of sensitive information, such as user passwords, due to the device allowing Web UI and API access over non-secure...
PT-2025-19345 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.374 Description: A critical vulnerability has been found in the TOTOLINK A720R, affecting unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the topicurl argument with the input RebootSystem lead...
PT-2025-19771 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.31.0 through 2025.4.0 Description: The issue is related to missing validation in Mk:api, which allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. This is achieved by...
CVE-2025-46342
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...
PT-2025-18795 · Hashicorp +1 · Vault Community +3
Name of the Vulnerable Software and Affected Versions: Vault Community versions prior to 1.19.3 Vault Enterprise versions prior to 1.19.3, 1.18.9, 1.17.16, 1.16.20 Description: The Key/Value kv Version 2 plugin in Vault Community and Vault Enterprise may unintentionally expose sensitive informati...
PT-2025-18381
Name of the Vulnerable Software and Affected Versions: Brainstorm Force SureTriggers versions 1.0.0 through 1.0.82 Description: The issue is related to an incorrect privilege assignment vulnerability in Brainstorm Force SureTriggers, allowing privilege escalation. This vulnerability can be exploite...
CVE-2025-46342
Kyverno CVE-2025-46342 affects policy rules using namespace selectors in match statements. Prior to versions 1.13.5 and 1.14.0, a missing error propagation in GetNamespaceSelectorsFromNamespaceLister (pkg/utils/engine/labels.go) may cause those rules to be ignored during admission review, bypassi...
PT-2025-18296 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.13.5 and 1.14.0 Description: The issue concerns a policy engine where policy rules using namespace selectors in their match statements may not be applied correctly due to a missing error propagation in the...
CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions because debug mode is enabled on certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints, receiving detailed error messages in the response and leading to disclosure of system-related...