CVE-2025-48861
A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...
BOSCH ctrlX OS Security Vulnerability
BOSCH ctrlX OS is a Linux-based real-time operating system from the German company BOSCH. A security vulnerability exists in BOSCH ctrlX OS that stems from improper access control of Task API endpoints, which could lead to internal application data disclosure...
Linux Distros Unpatched Vulnerability : CVE-2025-32802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...
XORUX XorMon-NG Security Vulnerability
XORUX XorMon-NG is an infrastructure performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX XorMon-NG, which stems from improper access control of API endpoints and could lead to elevation of privilege...
PHOENIX CONTACT CHARX SEC-3xxx Access Control Error Vulnerability
PHOENIX CONTACT CHARX SEC-3000 etc. are products of PHOENIX CONTACT, Germany. PHOENIX CONTACT CHARX SEC-3000 is an AC Charge Controller. PHOENIX CONTACT CHARX SEC-3050 is an AC Charge Controller. PHOENIX CONTACT CHARX SEC-3100 is an AC Charge Controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charg...
Quiter Gateway SQL Injection Vulnerability
Quiter Gateway is an API interface from Quiter Spain. A SQL injection vulnerability exists in Quiter Gateway versions prior to 4.7.0, which stems from an SQL injection in the mensaje parameter that could lead to database manipulation...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...
CVE-2025-6733
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack c...
Yealink YMCS Security Vulnerability
Yealink YMCS is a cloud management service from the Chinese company Yealink, used to centrally manage and maintain Yealink's devices. A security vulnerability exists in Yealink YMCS versions prior to 2025-05-26, which stems from not blocking access to OpenAPI for frozen enterprise accounts, which could...
Crafty Controller Cross-Site Scripting Vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improperly neutralized inputs to the server name form and API key form components, which could lead to a stored cross-site scripting attack...
On Automating Security Policies with Contemporary LLMs
The complexity of modern computing environments and the growing sophistication of cyber threats necessitate a more robust, adaptive, and automated approach to security enforcement. In this paper, we present a framework leveraging large language models (LLMs) for automating attack mitigation policy...
Internet Brands vBulletin Security Vulnerability
Internet Brands vBulletin is a forum plugin from Internet Brands, Inc. A security vulnerability exists in Internet Brands vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, which stems from the possibility that an unauthenticated user could invoke protected API controller methods...
CVE-2023-0872
The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
CVE-2023-29110
The SAP Application Interface Message Dashboard - versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E - allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as headings, basic formatting and lists, then an attacker...
CVE-2023-30969
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-42081
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http:///qstorapi/storageSystemModify?storageSystem==quantastor=;ls$IFS-al=4=5=;ls$IFS-al==;ls$IFS-al...
Vulnerabilities fixed in Cisco Unified Intelligence Center
Cisco has fixed vulnerabilities in Cisco Unified Intelligence Center. The vulnerabilities are in how Cisco Unified Intelligence Center's API validates user parameters. This can lead to privilege escalation, where authenticated attackers can gain unauthorized access to other users' sensitive data...
CVE-2017-11367
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data...
CVE-2013-5532
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343...