CVE-2021-0132

Missing release of resource after effective lifetime in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

CVE-2020-11592

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database...

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2025-20113

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

Cisco Unified Intelligence Center 安全漏洞

Cisco Unified Intelligence Center is a set of Web-based reporting platform from Cisco USA. The platform provides the ability to present report-related business data and call center data. A security vulnerability exists in Cisco Unified Intelligence Center that stems from insufficient authenticati...

CVE-2025-2527

Mattermost versions 10.5.x = 10.5.2, 9.11.x = 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...

CVE-2025-20214

A vulnerability in the Network Configuration Access Control Module NACM of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

CVE-2025-20187

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to APIs. An attacker could...

“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Any app that hands over user data is a concern, but leaky dating apps are especially worrying given the sensitivity of the data involved. A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to…well, anyone who ask...

Qualcomm Chipsets 访问控制错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An access control error vulnerability exists in Qualcomm Chipsets that stems from improper API restrictions when mapping memory into the address space of a protected virtual machine, which could lead to memory corruption...

KHC-INVITATION-AUTOMATION 访问控制错误漏洞

KHC-INVITATION-AUTOMATION is an open source tool from Krypto Hashers to automatically invite GitHub followers to join your organization. An Access Control Error Vulnerability exists in KHC-INVITATION-AUTOMATION version 1.2, which stems from a lack of access control in the API response and could...

PlayEdu 代码问题漏洞

PlayEdu is an industry-leading online training solution from the China PlayEdu team. A code issue vulnerability exists in PlayEdu 1.8 and earlier versions, which stems from a server-side request forgery due to incorrect operation of the parameter Avatar in the file /api/backend/v1/user/create...

CVE-2025-3968

A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument catid leads to sql injection. The attack can be initiated remotely. The exploit has been...

Moodle 信息泄露漏洞

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that originates from a specific API call that discloses sensitive...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from the fact that a normal user can enable or disable the app via the API...

PT-2025-16414

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An unauthenticated attacker can infer the existence of usernames in the system by querying an API. Recommendations At the moment, there is no information about a newer version that contains a...

PT-2025-16488

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Unauthenticated attackers can query an API endpoint and get device details. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

PT-2025-16346

Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15 Description A command injection issue was discovered via the groupname at the "/boafrm/formDiskCreateGroup" API endpoint. This allows for potential exploitation...