Blog 安全漏洞

Blog is a personal blogging system by Xuzijia Individual Developers in China. A security vulnerability exists in Blog version 3.0.1-SNAPSHOT, which stems from an authentication bypass that could lead to unauthorized access to the API...

CVE-2024-50644

CVE-2024-50644 affects zhisheng17 blog 3.0.1-SNAPSHOT. The provided documents describe an authentication bypass vulnerability that allows an attacker to access the API without a token. Affected component is the Blog software’s authentication mechanism; the root cause is an authentication bypass, ...

PT-2025-34446 · Unknown · Zhisheng17 Blog

Name of the Vulnerable Software and Affected Versions: zhisheng17 blog version 3.0.1-SNAPSHOT Description: The software contains an authentication bypass issue that allows an attacker to access the API without a token. Recommendations: At the moment, there is no information about a newer version...

SUSE CVE-2025-54478

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to empty request bodies not being properly rejected. An attacker can cause users to perform unintended actions by tricking them into clicking malicious links through post actions. Remediation Upgrade...

CVE-2025-27215

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast Version 1.10.3 and earlier UniFi Connect Display Cast Pro Version 1.0.89 and...

CVE-2025-27215

CVE-2025-27215 describes an improper access control in the API of UniFi Connect Display Cast devices that, when authenticated, allows a malicious actor to make unsupported changes to the system. Affected products and versions are: UniFi Connect Display Cast 1.10.3 and earlier; Cast Pro 1.0.89 and...

CVE-2025-27213

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge ADB and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier UniFi Connect Display Versio...

Exagrid EX10 安全漏洞

Exagrid EX10 is a backup storage server from Exagrid Corporation, USA. A security vulnerability exists in Exagrid EX10 version 7.0.1p02, which originates from the presence of XML external entity injection in the /init API endpoint, which could lead to information disclosure and elevation of...

PT-2025-34269

Name of the Vulnerable Software and Affected Versions: PandoraNext-TokensTool versions 0.6.8 and earlier Description: An authentication bypass allows an attacker to access the API without a token. Recommendations: Update to a version later than 0.6.8...

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Link11 Highlights Growing Cybersecurity Risks and Introduces Integrated WAAP Platform

Frankfurt am Main, Germany, 20th August 2025, CyberNewsWire...

CVE-2025-57788

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

CVE-2024-57157

Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token...

Commvault 安全漏洞

Commvault is a data backup and recovery software from Commvault Corporation, USA. A security vulnerability exists in Commvault versions prior to 11.36.60 that stems from a known login mechanism that allows an unauthenticated attacker to execute API calls...

PT-2025-33898

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. Role-Based Access Control RBAC can limit exposure, but does...

Linux Distros Unpatched Vulnerability : CVE-2024-52337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequenc...

Sensitive Information Disclosure

OpenSearch is vulnerable to Sensitive Information Disclosure. The vulnerability is due to redacted values being retrievable through range queries and the fields option in the search API...

CVE-2025-55299

VaulTLS is a modern solution for managing mTLS mutual TLS certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the...

CVE-2025-55299

VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....