CVE-2025-8789

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...

CVE-2025-8790 Portabilis i-Educar API Endpoint pessoa improper authorization

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated...

CVE-2025-8790

CVE-2025-8790 affects Portabilis i-Educar up to 2.9.0. The vulnerability is in the API Endpoint component, specifically the file /module/Api/pessoa, where manipulating the ID argument leads to improper authorization. The issue is exploitable remotely, with exploits disclosed publicly. Multiple so...

CVE-2025-8789 Portabilis i-Educar API Endpoint Diario authorization

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he's releasing a tool to find them...

PT-2025-32370 · Unknown · Registered Product

Name of the Vulnerable Software and Affected Versions: versions prior to April 6, 2025 Description: The product does not limit the number of attempts for entering the correct PIN for a registered product, potentially allowing an attacker to gain unauthorized access using brute-force methods if th...

Mobile Industrial Robots MiR Robots 安全漏洞

Mobile Industrial Robots MiR Robots is an autonomous mobile robot from Mobile Industrial Robots, Denmark. A security vulnerability exists in Mobile Industrial Robots MiR Robots versions prior to 3.0.0, which stems from a path traversal issue in the API endpoint that could lead to file extraction...

Linux Distros Unpatched Vulnerability : CVE-2019-12473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in...

The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform allows a attacker to disclose protected information.

The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

CVE-2025-44779

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

CLSA-2025-1754341122 java-1.8.0-openjdk: Fix of 4 CVEs

Update to shenandoah-jdk8u462-b08 GA - Security fixes from OpenJDK 8u462-b08: - CVE-2025-30749: fix 2D vulnerability allowing remote attackers to compromise JVM via network access - CVE-2025-30754: fix JSSE vulnerability allowing unauthorized data access via TLS connections - CVE-2025-30761: fix...

The vulnerability of the MFlash secure data exchange platform, related to authentication errors, allows attackers to escalate their privileges.

The vulnerability of the MFlash secure data exchange platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to enhance their privileges and use the file storage system beyond the architectural limitations by intercepting API responses...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...

Abnormal AI Abnormal Security API 安全漏洞

Abnormal AI Abnormal Security API is an API from Abnormal AI. A security vulnerability exists in Abnormal AI Abnormal Security API versions prior to 2025-02-19, which stems from a privilege degradation vulnerability...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions prior to 15.0 through...

The vulnerability of the API interface of the boiler controller MyHeat GO allows a hacker to gain unauthorized access to the controller.

The vulnerability of the API interface of the MyHeat GO boiler controller is related to the use of default login credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the controller by using the standard login credentials...

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform, related to the failure to neutralize certain elements, allows a perpetrator to execute arbitrary code with root privileges.

The vulnerability of the application software interface of the Cisco Identity Services Engine ISE management platform relates to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with...

CVE-2025-20284

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

CVE-2025-53904 The Scratch Channel Has Potential Reflected Cross-Site Scripting (XSS) Vulnerability

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/admin.js contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication...