
14 matches found

CNNVD
added 2026/05/14 12:00 a.m., 5 views

Distribution Security Vulnerability

Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from bypassing the storage.delete.enabled: false...

CVSS 6.5 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 1

NVD
added 2026/04/17 9:16 p.m., 0 views

CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

CVSS 8.1 | EPSS 0.00038
Exploits: 0 | References: 2

EUVD
added 2026/03/24 9:31 p.m., 0 views

EUVD-2026-14955

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVSS 8.7 | AI score 6.1 | EPSS 0.00045
Exploits: 0 | References: 2

OSV
added 2026/02/17 6:09 p.m., 4 views

GO-2026-4462 Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server

Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...

CVSS 9.8 | AI score 5.5 | EPSS 0.00408
Exploits: 0 | References: 6

Vulnrichment
added 2025/10/24 12:00 a.m., 2 views

CVE-2025-60936

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

AI score 6.3 | EPSS 0.00034
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/18 12:44 a.m., 4 views

CVE-2025-60279

A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...

CVSS 9.6 | AI score 6.9 | EPSS 0.00041
Exploits: 0 | References: 1

Cvelist
added 2025/08/22 12:00 a.m., 7 views

CVE-2024-50645

MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

EPSS 0.00103
Exploits: 0 | References: 3

CNNVD
added 2025/03/26 12:00 a.m., 1 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 10.10.0 through 11.5.0, which stems from a lack of user state checking and could lead to improper API access...

CVSS 4.3 | AI score 6.3 | EPSS 0.00397
Exploits: 1 | References: 3

CNNVD
added 2025/01/31 12:00 a.m., 1 views

EasyVirt DC Scope and EasyVirt CO2 Scope Security Vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

CVSS 8.8 | AI score 6.4 | EPSS 0.00929
Exploits: 1 | References: 1

Positive Technologies
added 2024/05/16 12:00 a.m., 1 views

PT-2024-7078 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.4 through 17.2.8 GitLab EE/CE versions 17.3 through 17.3.4 GitLab EE/CE versions 17.4 through 17.4.1 Description: The issue is related to errors in the representation of given functions in the GitLab platform, allowin...

CVSS 4.3 | AI score 7 | EPSS 0.00087
Exploits: 1 | References: 15

Positive Technologies
added 2024/02/02 12:00 a.m., 3 views

PT-2024-13412 · Ibm · Ibm Tivoli Application Dependency Discovery Manager

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.10 Description: The issue allows an attacker on the organization's local network to escalate their privileges due to unauthorized API access. Recommendations:...

CVSS 8.8 | AI score 6.7 | EPSS 0.0004
Exploits: 0 | References: 8

Positive Technologies
added 2023/10/06 12:00 a.m., 2 views

PT-2023-23657 · Neuvector · Neuvector

Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.2.2 Description: A user can reverse engineer the JSON Web Token (JWT) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector, potentially leadi...

CVSS 9.4 | AI score 6.9 | EPSS 0.00294
Exploits: 0 | References: 20

CNNVD
added 2022/02/03 12:00 a.m., 1 views

Airspan Mmp Security Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks U.S.A. An authorization issue vulnerability exists in Airspan Networks Mmp, which could be exploited by attackers to access these API routes and enable remot...

CVSS 10 | AI score 6.1 | EPSS 0.00564
Exploits: 0 | References: 6

CNVD
added 2015/09/25 12:00 a.m., 1 views

Newphoria Photon Application Authentication Bypass Vulnerability

Newphoria Photon for Android is a suite of lighting applications based on the Android platform from the Japanese company Newphoria. A security restriction bypass vulnerability exists in the Newphoria Photon application. It allows attackers to bypass URL whitelisting protection mechanisms and gain...

CVSS 6.8 | AI score 6.9 | EPSS 0.00396
Exploits: 0 | References: 1