48 matches found
CVE-2021-47782
Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate...
PT-2026-1843
Name of the Vulnerable Software and Affected Versions affected versions not specified Description This issue enables unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. The attack is performed via the GET request parameters. T...
PT-2025-49345
The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...
EUVD-2021-28347
Malicious code in bioql PyPI...
EUVD-2023-29973
Malicious code in bioql PyPI...
PT-2025-40025
Name of the Vulnerable Software and Affected Versions MegaSys Telenium Online Web Application affected versions not specified Description The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP...
CVE-2025-56413
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...
GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability
Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. Details When a user logs into the administrative backend, this interface can read any files on the host/sever given the...
CVE-2025-53363 Dpanel has an arbitrary file read vulnerability
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...
ChestnutCMS 代码问题漏洞
ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A code issue vulnerability exists in ChestnutCMS 15.1 and earlier versions, which stems from a deserialization issue in API endpoint files...
CVE-2022-40928
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leavesystem/classes/Master.php?f=deleteapplication...
CVE-2025-31132 Raven allows Remote Code Execution due to improper validation
Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...
CVE-2025-25245
SAP BusinessObjects Business Intelligence Platform Web Intelligence contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a...
CVE-2025-25245 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform Web Intelligence contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a...
CVE-2025-25245
CVE-2025-25245 affects SAP BusinessObjects BI Platform (Web Intelligence). A deprecated web application endpoint that is not properly secured allows injection of a malicious URL via data returned to the user, enabling cross-site scripting within the victim’s browser. Impacts are limited to confid...
PT-2025-4043 · Unknown · Pankajindevops
Name of the Vulnerable Software and Affected Versions: pankajindevops affected versions not specified Description: A problematic issue has been detected in pankajindevops, affecting an unknown part of the API Endpoint component. This issue leads to improper access controls and can be initiated...
CVE-2025-20156
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...
PT-2024-34604 · Unknown · Linux Server Heimdall
Name of the Vulnerable Software and Affected Versions: Linux Server Heimdall version 2.6.1 Description: An issue in Linux Server Heimdall allows a remote attacker to execute arbitrary code via a crafted script to the "Add new application" endpoint. Recommendations: For Linux Server Heimdall versi...
PT-2024-32401 · Unknown · Apex Softcell Ld Geo
Name of the Vulnerable Software and Affected Versions: Apex Softcell LD Geo affected versions not specified Description: The issue exists due to improper validation of certain parameters Client ID, DPID, or BOID in the API endpoint. An authenticated remote attacker could exploit this by...