
499 matches found

NVD
added 2025/09/23 5:15 a.m. · 3 views

CVE-2025-9321

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'apirequests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute cod...

9.8 CVSS · 0.00288 EPSS
Exploits 0 · References 3
CVE
added 2025/09/16 10:22 p.m. · 12 views

CVE-2025-37128

CVE-2025-37128 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways web API. The vulnerability could allow an authenticated remote attacker to terminate arbitrary running processes, potentially disrupting system operations and causing an unstable state. Reports in multiple sources note fixes/...

6.8 CVSS · 6.5 AI score · 0.0012 EPSS
Exploits 0 · References 1
CNNVD
added 2025/09/16 12:0 a.m. · 5 views

HPE Aruba Networking EdgeConnect SD-WAN Gateways Security Vulnerability

HPE Aruba Networking EdgeConnect SD-WAN Gateways is an edge gateway appliance from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways, which stems from a flaw in the web API, which could allow an authenticated, remote attacker to terminate an arbitrar...

6.8 CVSS · 6.8 AI score · 0.0012 EPSS
Exploits 0 · References 2
Veracode
added 2025/09/15 7:54 a.m. · 4 views

Arbitrary File Read

github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...

6.1 CVSS · 6.6 AI score · 0.00169 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2025/09/12 10:33 a.m. · 9 views

CVE-2025-27238 API hostprototype.get lists data to users with insufficient authorization.

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

2.1 CVSS · 0.00033 EPSS
Exploits 0 · References 1
Cvelist
added 2025/09/11 6:34 p.m. · 7 views

CVE-2025-8557

An internal product security audit of Lenovo XClarity Orchestrator LXCO discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator LXCO network segment may be able to manipulate the local device to create an alternate communication channel...

8.8 CVSS · 0.00045 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/09/11 12:0 a.m. · 3 views

PT-2025-37252

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.124 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.7 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Liferay Portal an...

5.3 CVSS · 6.3 AI score · 0.00075 EPSS
Exploits 0 · References 12
Tenable Nessus
added 2025/09/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-38370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without...

7.5 CVSS · 5.5 AI score · 0.00867 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-45327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remo...

9.8 CVSS · 8.6 AI score · 0.02283 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/09/09 12:0 a.m. · 8 views

Metabase 0.44.x < 0.44.7 / 0.45.x < 0.45.4 / 0.46.x < 0.46.3 / 1.44.x < 1.44.7 / 1.45.x < 1.45.4 / 1.46.x < 1.46.3

The version of Metabase installed on the remote host is affected by an access control vulnerability. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that...

9.6 CVSS · 8.6 AI score · 0.00193 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/09/05 12:0 a.m. · 4 views

Cisco Nexus Dashboard < 4.1(1g) Multiple Vulnerabilities (cisco-sa-nshs-urapi-gJuBVFpu)

According to its self-reported version, Cisco Nexus Dashboard is affected by multiple vulnerabilities. - A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view...

5.4 CVSS · 5.9 AI score · 0.00075 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-41321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

6.5 CVSS · 6.4 AI score · 0.00296 EPSS
Exploits 0 · References 2
GithubExploit
added 2025/08/25 7:36 a.m. · 199 views

Exploit for CVE-2025-9074

CVE-2025-9074 – Docker Desktop Windows Container→Host Write...

9.3 CVSS · 6.6 AI score · 0.01192 EPSS
Exploits 15
RedhatCVE
added 2025/08/24 12:13 a.m. · 4 views

CVE-2025-55573

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting XSS...

8.8 CVSS · 6.8 AI score · 0.00131 EPSS
Exploits 1 · References 1
Cvelist
added 2025/08/22 12:0 a.m. · 8 views

CVE-2024-50645

MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

0.00111 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/08/22 12:0 a.m. · 2 views

CVE-2025-55573

QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting XSS...

6.2 AI score · 0.00131 EPSS
Exploits 1 · References 2
NVD
added 2025/08/21 6:15 p.m. · 5 views

CVE-2024-50641

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...

8.1 CVSS · 0.00063 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/20 12:0 a.m. · 5 views

PT-2025-34049 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 versions V02.03.01.110 Description: A stack-based buffer overflow exists in the Cloud API functionality. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this...

9.8 CVSS · 7.2 AI score · 0.00775 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/08/19 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. CVE-2022-3100 Note th...

5.9 CVSS · 6.1 AI score · 0.00206 EPSS
Exploits 0 · References 2
Cvelist
added 2025/08/18 5:36 p.m. · 10 views

CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts

VaulTLS is a modern solution for managing mTLS mutual TLS certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the...

9.4 CVSS · 0.00061 EPSS
Exploits 0 · References 2