12 matches found
CVE-2026-22236
Technical details about CVE-2026-22236 are not publicly available in the provided documents. The descriptions summarize improper backend API authentication but do not specify affected components, versions, impact specifics, or fixes. Monitor for updates from vendors and security feeds.
PT-2026-2859
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...
CVE-2025-13483
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
CVE-2025-13483
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
CVE-2025-13483 Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
EUVD-2025-28988
Malicious code in bioql PyPI...
undici: Undici Uses Insufficiently Random Values
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
Design/Logic Flaw
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...
CVE-2022-21215
CVE-2022-21215 is an SSRF vulnerability in Airspan/Mimosa MMP stack. Affected: MMP before v1.0.3; PTP C-series before v2.8.6.1; PTMP C-series/A5x before v2.5.4.1. Root cause: improper server-side request handling allows an attacker to force the server to access internal routes and cloud-hosting p...
CVE-2022-21215 Airspan Networks Mimosa Server-Side Request Forgery (SSRF)
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...
CVE-2022-21215 Airspan Networks Mimosa Server-Side Request Forgery (SSRF)
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...