58 matches found
CVE-2025-66698
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints...
Exploit for CVE-2025-55462
CVE-2025-55462 --- Vulnerability Summary A CORS misconf...
EUVD-2026-1678
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...
CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via exposed API endpoints that do not require authentication. An attacker can perform unauthorized model management operations by sending crafted requests to these endpoints...
CVE-2025-68435 Zerobyte has Authentication Bypass by Primary Weakness
Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...
Primakon Pi Portal 安全漏洞
Primakon Pi Portal is a project, contract management platform from Primakon Croatia. A security vulnerability exists in Primakon Pi Portal version 1.0.18, which stems from insufficient authentication of API endpoints and could lead to unauthorized data access...
CVE-2023-7322
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...
PT-2025-44756
Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise affected versions not specified Description An improper authorization issue exists in the Elastic Cloud Enterprise platform’s application programming interfaces. Exploitation of this issue may allow a remote attacker t...
CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability
Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...
EUVD-2018-12507
Malware in sbrugna...
EUVD-2021-27673
Malicious code in bioql PyPI...
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
A Denial of Service DoS vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...
PT-2025-7177 · Rupeeweb · Rupeeweb
Name of the Vulnerable Software and Affected Versions: RupeeWeb trading platform affected versions not specified Description: This issue exists due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation could allow an...
PT-2025-4986 · New Media One · New Media One Geodigs
Name of the Vulnerable Software and Affected Versions: New Media One GeoDigs versions prior to 3.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject malicious script...
PT-2024-17021 · Red Hat · Ansible +1
Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform AAP affected versions not specified Ansible nan affected versions not specified Description: A vulnerability was found in the Ansible Automation Platform AAP and Ansible nan, allowing attackers to escalate privileg...
CVE-2024-20341
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a browser that is accessing an affected...
PT-2024-33570 · Henrique Rodrigues · Safetyforms
Name of the Vulnerable Software and Affected Versions: Henrique Rodrigues SafetyForms versions n/a through 1.0.0 Description: A Cross-Site Request Forgery CSRF issue allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on the web application,...
Reedos aiM-Star 安全漏洞
Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1, which stems from a lack of rate limiting for OTP requests in certain API endpoints, which could allow an attacker to send multiple OTP requests through...
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...