1618 matches found

Snyk
added 2025/11/26 7:33 p.m., 4 views

Incorrect Authorization

Overview: @oneuptime/common is the OneUptime Common UI Library, a collection of shared components and utilities used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. The library is built with React and TypeScript. It includes c... Affected...

CVSS 9.1, AI score 6.9, EPSS 0.00264
Exploits 1, References 2
EUVD
added 2025/11/25 9:32 p.m., 2 views

EUVD-2025-199637

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

CVSS 5.3, AI score 6.4, EPSS 0.00326
Exploits 0, References 3
Positive Technologies
added 2025/11/25 12:00 a.m., 4 views

PT-2025-48065

The Primakon Pi Portal 1.0.18 /api/V2/pp users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

AI score 7, EPSS 0.00246
Exploits 0, References 3
vulnersOsv
added 2025/11/24 4:24 p.m., 4 views

@ichidao/ichi-sdk (>=0.0.63 <=0.0.249), @strkfarm/sdk (>=1.0.8 <=1.0.16) +3 more potentially affected by unknown CVE via coinmarketcap-api (=3.1.1)

coinmarketcap-api NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on coinmarketcap-api and may be impacted: @ichidao/ichi-sdk =0.0.63, =1.0.8, =0.0.1, =1.0.0, =1.0.1, =1.0.2. Source CVEs: unknown CVE. Source advisory:...

AI score 5.8
Exploits 0
NVD
added 2025/11/21 9:15 a.m., 6 views

CVE-2025-13149

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the "saveFutureActionData" function in all versions up to, and including,...

CVSS 4.3, EPSS 0.00158
Exploits 0, References 2
Positive Technologies
added 2025/11/18 12:00 a.m., 3 views

PT-2025-47275

Name of the Vulnerable Software and Affected Versions: Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress, versions through 1.2.5. Description: The plugin is susceptible to unauthorized post modification because of insufficient authorization checks. Th...

CVSS 5.4, AI score 6.6, EPSS 0.00186
Exploits 0, References 5
Tenable Nessus
added 2025/11/18 12:00 a.m., 5 views

Mozilla Firefox ESR < 52.4

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-22 advisory. - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom...

CVSS 10, AI score 8.2, EPSS 0.03641
Exploits 3, References 10
Cvelist
added 2025/11/17 4:37 p.m., 4 views

CVE-2025-13319 Authenticated SQL injection in API - Digi On-Prem Manager

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack...

CVSS 8.8, EPSS 0.00369
Exploits 0, References 1
CVE
added 2025/11/14 10:51 p.m., 8 views

CVE-2023-7328

CVE-2023-7328 affects Screen SFT DAB 600/C firmware versions up to and including 1.9.3, due to improper access control on the user management API that permits unauthenticated retrieval of structured user data and connection metadata (e.g., account names, client IP, timeout values). Public referen...

CVSS 6.9, AI score 6.5, EPSS 0.00303
Exploits 2, References 5, Affected Software 1
vulnersOsv
added 2025/11/13 11:07 p.m., 5 views

@bicou/directus-extension-imagga (>=1.6.3 <=1.6.6), @deconz-community/directus-extension-ddf-store (=0.1.0) +7 more potentially affected by CVE-2025-64749 via @directus/api (>=10.0.0 <=31.0.0)

@directus/api NPM version =10.0.0, =1.6.3, =1.2.2, =10.0.0, =1.0.0, =2.0.0; directus-extension-blog-year-filter =1.0.0. Source CVEs: CVE-2025-64749. Source advisory: OSV:GHSA-CPH6-524F-3HGR...

CVSS 4.3, AI score 5.8, EPSS 0.00244
Exploits 1
vulnersOsv
added 2025/11/13 11:06 p.m., 5 views

@bicou/directus-extension-imagga (>=1.6.3 <=1.6.6), @deconz-community/directus-extension-ddf-store (=0.1.0) +7 more potentially affected by CVE-2025-64748 via @directus/api (>=10.0.0 <=31.0.0)

@directus/api NPM version =10.0.0, =1.6.3, =1.2.2, =10.0.0, =1.0.0, =2.0.0; directus-extension-blog-year-filter =1.0.0. Source CVEs: CVE-2025-64748. Source advisory: OSV:GHSA-8JPW-GPR4-8CMH...

CVSS 6.5, AI score 5.8, EPSS 0.00241
Exploits 0
EUVD
added 2025/11/13 6:31 p.m., 2 views

EUVD-2025-175336

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3, AI score 6.9, EPSS 0.00317
Exploits 0, References 2
Cvelist
added 2025/11/12 12:00 a.m., 6 views

CVE-2025-60645

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request...

EPSS 0.00128
Exploits 1, References 2
CNNVD
added 2025/11/12 12:00 a.m., 2 views

xxl-api security vulnerability

xxl-api is an API management platform by the individual developer Xu Xueli. A security vulnerability exists in xxl-api v1.3.0, stemming from a cross-site request forgery in the management module that could lead to arbitrary user additions...

CVSS 6.5, AI score 6.7, EPSS 0.00128
Exploits 1, References 3
CNNVD
added 2025/11/12 12:00 a.m., 2 views

xxl-api security vulnerability

xxl-api is an API management platform by the individual developer Xu Xueli. A security vulnerability exists in xxl-api v1.3.0, originating from a stored cross-site scripting flaw in the business-line management module, which could lead to the execution of arbitrary web script or HTML...

CVSS 6.1, AI score 6.3, EPSS 0.00168
Exploits 1, References 3
Positive Technologies
added 2025/11/10 12:00 a.m., 4 views

PT-2025-46209

Name of the Vulnerable Software and Affected Versions: Langfuse versions 2.70.0 through 2.95.10; Langfuse versions 3.0.0 through 3.124.0. Description: Langfuse is a large language model engineering platform. In certain project membership APIs, the server improperly trusted a user-controlled orgId and...

CVSS 5, AI score 6.3, EPSS 0.00291
Exploits 0, References 11
Cvelist
added 2025/11/06 12:00 a.m., 9 views

CVE-2025-60541

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

EPSS 0.00203
Exploits 1, References 2
Positive Technologies
added 2025/11/05 12:00 a.m., 3 views

PT-2025-45383

Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0-rc.1 through 4.6.2. Description: Zitadel is an open source identity management platform susceptible to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API. Authenticated users with specific administrator rol...

CVSS 8.7, AI score 6.5, EPSS 0.00247
Exploits 0, References 11
EUVD
added 2025/11/04 1:08 p.m., 3 views

EUVD-2025-37756

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...

CVSS 8.7, AI score 6.2, EPSS 0.00241
Exploits 0, References 1
OSV
added 2025/10/30 3:02 p.m., 2 views

GO-2025-4072 Karmada Dashboard API Unauthorized Access Vulnerability in github.com/karmada-io/dashboard

Karmada Dashboard API Unauthorized Access Vulnerability in github.com/karmada-io/dashboard...

CVSS 8.7, AI score 6.9, EPSS 0.00555
Exploits 0, References 4