
10 matches found

Snyk
added 2026/05/08 10:39 p.m. | 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...

CVSS 9.4 | AI score 5.9 | EPSS 0.00045
Exploits: 1 | References: 2

GithubExploit
added 2026/05/07 1:44 a.m. | 61 views

Exploit for Improper Input Validation in Microsoft

CVE-2026-27960 Overview: The OpenCTI platform suffers from...

CVSS 9.8 | AI score 5.7 | EPSS 0.00089
Exploits: 1

NVD
added 2025/12/04 12:16 p.m. | 2 views

CVE-2025-41079

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the PUT parameter 'name' in '/api/v2.1/user/'...

CVSS 6.1 | EPSS 0.00027
Exploits: 0 | References: 1

Cvelist
added 2025/11/01 6:40 a.m. | 5 views

CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

CVSS 4.9 | EPSS 0.00086
Exploits: 0 | References: 9

RedhatCVE
added 2025/05/22 8:19 p.m. | 3 views

CVE-2021-42081

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http:///qstorapi/storageSystemModify?storageSystem==quantastor=;ls$IFS-al=4=5=;ls$IFS-al==;ls$IFS-al...

CVSS 9.1 | AI score 7.5 | EPSS 0.00081
Exploits: 0 | References: 1

CNNVD
added 2025/05/12 12:0 a.m. | 1 views

ZONG YU Parking Management System Security Vulnerability

ZONG YU Parking Management System is a comprehensive intelligent parking management platform from China's ZONG YU company. A security vulnerability exists in the ZONG YU Parking Management System that stems from a lack of authentication in a specific API, which could lead to unauthenticated remot...

CVSS 9.1 | AI score 7 | EPSS 0.00426
Exploits: 0 | References: 2

CNNVD
added 2024/07/30 12:0 a.m. | 1 views

Xibo CMS SQL Injection Vulnerability

Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing authenticated users to obtain and modify arbitrary data from the database by injecting specially crafted values into the API...

CVSS 8.1 | AI score 7.7 | EPSS 0.00683
Exploits: 0 | References: 2

Patchstack
added 2024/07/04 12:1 p.m. | 2 views

WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability

Sensitive Data Exposure via API vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Tablesome versions <= 1.0.33...

CVSS 5.3 | AI score 7 | EPSS 0.00314
Exploits: 0 | Affected Software: 1

CNNVD
added 2021/05/05 12:0 a.m. | 2 views

Cisco SD-WAN vManage Cross-Site Scripting Vulnerability

Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A cross-site scripting vulnerability exists in the API of Cisco SD-WAN vManage versions prior to 20.5.1, which stems from the API failing to...

CVSS 6.4 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 4

The Hacker News
added 2018/10/08 7:12 p.m. | 2 views

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...

AI score 6.4
Exploits: 0