499 matches found
EUVD-2025-33286
An issue in the permission verification module and organization/application editing interface in Casdoor before 2.26.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after log...
PT-2025-41233
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A missing authorization check exists in the API endpoint responsible for managing custom domains, located at /custom-domains. This allows unauthorized manipulation of custom domain settings...
PT-2025-41175
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1.3.2. Description: Nagios Log Server before version 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service. This is achieved by making a call to the...
CVE-2025-58580
CVE-2025-58580 affects SICK Enterprise Analytics (and related SICK Analytics products) where an API endpoint allows creation of arbitrary log entries via POST without sufficient input validation. The root cause is insecure input handling, enabling an attacker to create manipulated or diluted logs...
Lovable VDP: Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable Cloud)
A vulnerability was discovered where an account with the Editor role could call an API endpoint that disabled workspace-wide admin-only features. This was due to a lack of server-side role checks, allowing a vertical privilege escalation...
CVE-2025-11288
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Manipulating the argument cateid results in SQL injection. Remote exploitation of the attack is possible...
EUVD-2025-30940
Malicious code in bioql PyPI...
EUVD-2023-32715
Malicious code in bioql PyPI...
EUVD-2023-32712
Malicious code in bioql PyPI...
EUVD-2024-19352
Malicious code in bioql PyPI...
EUVD-2023-32713
Malicious code in bioql PyPI...
EUVD-2025-29657
Malicious code in bioql PyPI...
CVE-2025-27236
A regular Zabbix user can search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. This allows data-mining of some field values the user does not have access to...
Zabbix security vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from the ability for a user to search for other users in a user group and select...
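Several of the entries above describe the same two authorization defects: a state-changing API endpoint with no server-side role check (the Lovable, OpnForm and Nagios Log Server entries) and a read endpoint that lets the caller choose returned fields without checking per-field visibility (the Zabbix user search entries). The following is an added example, not code from any of those projects, showing each defect beside a hardened version in a small in-memory API layer. The role names, endpoint names, field names and user records are all constructed for illustration.

```python
# Added example, not code from Lovable, OpnForm, Nagios Log Server or Zabbix.
# A small in-memory API layer showing the two authorization defects that recur
# in the entries above, each beside a hardened version:
#   1. a state-changing endpoint with no server-side role check (vertical
#      privilege escalation), and
#   2. a read endpoint whose caller-chosen "select" fields are not checked
#      against what the caller may see (field-level data leak).
# All role names, field names and records are constructed for illustration.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a server-side authorization check fails."""


@dataclass
class Principal:
    user_id: str
    role: str    # assumed role set: "viewer" < "editor" < "admin"
    group: str


@dataclass
class Workspace:
    admin_only_features_enabled: bool = True


ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}


def require_role(caller: Principal, minimum: str) -> None:
    """Deny by default: an unknown role ranks below every known one."""
    if ROLE_RANK.get(caller.role, -1) < ROLE_RANK[minimum]:
        raise Forbidden(f"role {caller.role!r} may not perform an {minimum}-only action")


# 1. Endpoint-level check -------------------------------------------------

def disable_admin_features_vulnerable(caller: Principal, ws: Workspace) -> bool:
    # Deliberately vulnerable: relies on the UI only showing this action to
    # admins. Anyone who can reach the endpoint flips the setting.
    ws.admin_only_features_enabled = False
    return ws.admin_only_features_enabled


def disable_admin_features_fixed(caller: Principal, ws: Workspace) -> bool:
    require_role(caller, "admin")          # enforced on the server, on every call
    ws.admin_only_features_enabled = False
    return ws.admin_only_features_enabled


# 2. Field-level check ----------------------------------------------------

# Constructed user records; "email" and "passwd_hash" are the sensitive columns.
USERS = [
    {"userid": "1", "username": "alice", "email": "alice@example.test", "group": "ops", "passwd_hash": "h1"},
    {"userid": "2", "username": "bob",   "email": "bob@example.test",   "group": "ops", "passwd_hash": "h2"},
    {"userid": "3", "username": "carol", "email": "carol@example.test", "group": "dev", "passwd_hash": "h3"},
]

# Output fields each role may read about other users in its own group.
FIELD_VISIBILITY = {
    "viewer": {"userid", "username"},
    "editor": {"userid", "username", "email"},
    "admin":  {"userid", "username", "email", "group"},   # never passwd_hash
}


def _group_members(caller: Principal) -> list:
    return [u for u in USERS if u["group"] == caller.group]


def user_get_vulnerable(caller: Principal, select: list) -> list:
    # Deliberately vulnerable: scopes rows to the caller's group but projects
    # whatever fields the caller asked for, so a viewer can mine "email".
    return [{f: u[f] for f in select} for u in _group_members(caller)]


def user_get_fixed(caller: Principal, select: list) -> list:
    # Allowlist the projection per role before touching any record.
    allowed = FIELD_VISIBILITY.get(caller.role, set())
    denied = sorted(set(select) - allowed)
    if denied:
        raise Forbidden(f"role {caller.role!r} may not select {denied}")
    return [{f: u[f] for f in select} for u in _group_members(caller)]


def attempt(fn, *args):
    """Run an endpoint and report ('ok', result) or ('forbidden', message)."""
    try:
        return ("ok", fn(*args))
    except Forbidden as exc:
        return ("forbidden", str(exc))


if __name__ == "__main__":
    editor = Principal("2", "editor", "ops")
    viewer = Principal("1", "viewer", "ops")
    print(attempt(disable_admin_features_vulnerable, editor, Workspace()))
    print(attempt(disable_admin_features_fixed, editor, Workspace()))
    print(attempt(user_get_vulnerable, viewer, ["username", "email"]))
    print(attempt(user_get_fixed, viewer, ["username", "email"]))
```

The check in both hardened handlers runs on the server on every request and denies by default: an unknown role cannot satisfy `require_role`, and a field absent from the role's allowlist is refused before any record is read. Row scoping (the caller's own group) and field scoping are separate decisions; the Zabbix-style leak occurs precisely when only the first is enforced.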
CVE-2025-24525
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...
ThriveX-Blog security vulnerability
ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog versions 2.5.9 through 3.1.3, which originates from the unauthenticated /api/assistant/list endpoint and could lead to the disclosure of sensitive information...
discover
This is a collection of custom bash scripts used to automate various penetration testing tasks, including reconnaissance, scanning, enumeration, and malicious payload creation using Metasploit. The scripts are designed to be used with Kali Linux. The scripts are organized into several categories,...
CVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
CVE-2025-10947
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Manipulating the argument pescpf can lead to an authorization bypass. The attack can be...
GHSA-Q58R-HWC8-RM9J vulnerabilities
Vulnerabilities for packages: rancher-api-ui...