Cisco Prime Infrastructure Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)

The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.6.2. It is therefore affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to...

Linux Distros Unpatched Vulnerability : CVE-2022-21713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle use...

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVE-2025-20270 Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of reques...

Allocation Of Resources Without Limits

Bouncy Castle is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to excessive resource allocation due to lack of proper limits in the handling of ASN1ObjectIdentifier in API modules...

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

Missing Authorization

Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when creating channel subscriptions via the API...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a lack of input validation for MGW service API calls, which could cause the application...

CData API Server 安全漏洞

CData API Server is a server for creating, deploying, and managing custom APIs from CData. This server provides a highly scalable platform that helps organizations quickly build and expose APIs to communicate with different data sources. A security vulnerability exists in CData API Server that...

CVE-2025-58124

Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic...

Linux Distros Unpatched Vulnerability : CVE-2020-13324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API...

MAL-2025-41519 Malicious code in @twork-data-services/proxy-prime-api-v1-card-ucid-services (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

CVE-2025-7841

CVE-2025-7841 affects the WordPress plugin “Sertifier Certificate & Badge Maker for WordPress – Tutor LMS.” A CSRF flaw exists due to missing/incorrect nonce validation on the sertifier_settings page, enabling unauthenticated attackers to update the plugin’s API key if a site admin is tricked int...

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

CVE-2024-50641

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...

CVE-2024-50644

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVE-2025-9341 Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...