IBM Concert Information Disclosure Vulnerability (CNVD-2025-29674)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive information via...

Cisco Meeting Management 安全漏洞

Cisco Meeting Management CMM is an administrative tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A security vulnerability exists in Cisco Meeting Management that stems from insufficient REST API user authorization, resulting in a low-privilege authenticate...

You Can’t Improve What You Can’t See: API Monitoring Is Crucial

...

Unspecified Vulnerability in Microsoft Windows Telephony Server (CNVD-2025-02538)

Microsoft Windows Telephony Server is a component of Microsoft Corporation USA that supports the Telephony Application Programming Interface TAPI, which allows computer programs to communicate with shared telephony services. A security vulnerability exists in Microsoft Windows Telephony Server. A...

UBUNTU-CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

The vulnerability of the application programming interface of the FortiEDR Manager allows a perpetrator to access confidential information.

The vulnerability of the application programming interface of the FortiEDR Manager system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...

The vulnerability of the “snmp_apply” application programming interface of the microprogramming-based wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the “snmpapply” application programming interface of the Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO wireless access points exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this...

WordPress Ultimate Endpoints With Rest Api plugin <= 2.2.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Ultimate Endpoints With Rest Api versions = 2.2.2...

ROS-20241212-24

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-22

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-04

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-02

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

UBUNTU-CVE-2024-47760

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

GLPI 访问控制错误漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

GLPI 访问控制错误漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

PT-2024-13527 · It Path Solutions · It Path Solutions Contact Form To Any Api

Name of the Vulnerable Software and Affected Versions: IT Path Solutions Contact Form to Any API versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels...

zhmcclient 安全漏洞

zhmcclient is a server interface to the zhmcclient open source. A security vulnerability exists in zhmcclient that stems from the fact that under certain circumstances, zhmcclient writes password-like attributes in plaintext to its HMC and API logs...

Vulnerability fixed in Zabbix

A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...

DEBIAN-CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...

UBUNTU-CVE-2024-36467

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...