CVE-2005-0968
Computer Associates CA eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API...
CVE-2025-20257
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
CVE-2025-20114
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
CVE-2025-20257
Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager are affected by CVE-2025-20257. The issue stems from insufficient authorization enforcement on a specific API, allowing an authenticated, low-privilege user to perform crafted API calls and generate fraudule...
CVE-2025-20114
CVE-2025-20114 concerns Cisco Unified Intelligence Center API security. The published entries indicate an authenticated, remote attacker could exploit insufficient validation of user-supplied API parameters to perform an insecure direct object reference (IDOR) attack, enabling horizontal privileg...
PT-2025-22381 · Cisco · Cisco Secure Network Analytics Manager +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager affected versions not specified Description: A vulnerability in the API subsystem could allow an authenticated, remote attacker with low privileges to...
CVE-2025-48391
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API...
CVE-2025-4477
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...
CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...
CVE-2025-3446
Summary: Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x
CVE-2025-4428 Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
Medium: libxml2
Issue Overview: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
PT-2025-20910 · Owl-Admin · Owladmin
Name of the Vulnerable Software and Affected Versions: owl-admin versions 3.2.2 through 4.10.2 Description: The issue is related to SQL Injection in the "/admin-api/system/admin menus/save order" API endpoint. Recommendations: For versions 3.2.2 through 4.10.2, consider disabling access to the...
CVE-2025-28055
The CVE-2025-28055 entry concerns upset-gal-web v7.1.0, where the /api/music/v1/cover.ts endpoint is vulnerable to an arbitrary file read. CVSSv3.1 base score 7.5 (HIGH) with network access, no privileges, no user interaction required; impact limited to confidentiality. The root cause details are...
CVE-2025-4542
CVE-2025-4542 affects Freeebird Hotel 酒店管理系统 API up to version 1.2. The issue is due to the code in /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java that permits cross-domain requests from untrusted domains. The vulnerability can be triggered remotely, with high attack complexity and...
PT-2025-20664 · Unknown · Freeebird Hotel
Name of the Vulnerable Software and Affected Versions: Freeebird Hotel 酒店管理系统 API versions up to 1.2 Description: A problematic issue has been found in the API, affecting some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. This leads to a permissi...
CVE-2025-20210
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could...
CVE-2025-45887
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent...
CVE-2025-45887
Yifang CMS v2.0.2 is affected by a Server-Side Request Forgery (SSRF) vulnerability in the /api/file/getRemoteContent endpoint. The CVE-2025-45887 entry shows a CVSSv3.1 base score of 9.1 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction...