22 matches found
EUVD-2026-34996
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-44633
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...
Exploit for Improper Input Validation in Microsoft
CVE-2026-27960 Overview The OpenCTI platform suffers from...
CVE-2025-41079
A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parameter 'name' in '/api/v2.1/user/'...
CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
CVE-2021-42081
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http:///qstorapi/storageSystemModify?storageSystem==quantastor=;ls$IFS-al=4=5=;ls$IFS-al==;ls$IFS-al...
ZONG YU Parking Management System security vulnerability
ZONG YU Parking Management System is a comprehensive intelligent parking management platform from China's ZONG YU company. A security vulnerability exists in the ZONG YU Parking Management System that stems from a lack of authentication in a specific API, which could lead to unauthenticated remot...
The vulnerability of the application software interface of Rockwell Automation’s PowerMonitor 1000 device for monitoring and controlling electrical networks allows a perpetrator to gain full access to the device.
The vulnerability of the application software interface of Rockwell Automation’s PowerMonitor 1000 monitoring and control device lies in the ability to create a privileged user bypassing the authentication mechanism. Exploiting this vulnerability could allow an intruder to gain full access to the...
The vulnerability of the application software interface of the Cisco Unified Computing System’s servers—Cisco UCS B-Series, Managed C-Series, and X-Series—is related to the failure to implement measures to neutralize specific elements. This allows attackers to execute arbitrary code and elevate their privileges to the root level.
The vulnerability of the application software interface of the Cisco Unified Computing System’s servers—Cisco UCS B-Series, Managed C-Series, and X-Series—is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the application software interface of the backup and recovery software for Veeam Service Provider Console (VSPC) for remote and cloud customers allows a perpetrator to execute arbitrary code.
The vulnerability of the application software interface for data backup and restoration solutions for Veeam Service Provider Console VSPC remote and cloud customers is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Xibo CMS SQL injection vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing authenticated users to obtain and modify arbitrary data from the database by injecting specially crafted values into the API...
WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability
Sensitive Data Exposure via API vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Tablesome versions <= 1.0.33...
The vulnerability of the application software interface of the operating system PAN-OS allows a perpetrator to execute arbitrary code.
The vulnerability of the application programming interface of the PAN-OS operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the application software interface of the SolarWinds Access Rights Manager allows a violator to execute arbitrary code.
The vulnerability of the application software interface of the SolarWinds Access Rights Manager lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the TCP port 443 remotely...
The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56U, and RT-AC86U allows a hacker to execute arbitrary code.
The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56UV2, and RT-AC86U lies in the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...
The vulnerability of the application programming interface of the IAM and SSO Casdoor platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the application programming interface of the IAM and SSO Casdoor platform relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the API component of the Node.js software platform allows attackers to compromise data integrity.
The vulnerability of the API component in the Node.js software platform is related to insufficient checking of the rejectUnauthorized value. Exploiting this vulnerability allows an attacker to compromise data integrity...
Cisco SD-WAN vManage cross-site scripting vulnerability
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A cross-site scripting vulnerability exists in the API of Cisco SD-WAN vManage versions prior to 20.5.1, which stems from the API failing to...
The vulnerability of the REST API interface for managing physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data allows an attacker to trigger a service failure.
The vulnerability of the REST API interface for managing physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger...