100 matches found
CVE-2025-65742
An unauthenticated Broken Function Level Authorization BFLA vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request...
EUVD-2025-199639
The Primakon Pi Portal 1.0.18 API /api/V2/ppudfvadmin endpoint, fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to a access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH...
CVE-2025-54561
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
EUVD-2025-197626
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
CVE-2025-54561
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
CVE-2025-54561
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
CVE-2025-54561
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
PT-2025-46986
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description An Incorrect Access Control issue exists in the Application Server of Desktop Alert PingAlert. This allows remote access to content without proper authorization due to a...
CVE-2025-54561
CVE-2025-54561 affects Desktop Alert PingAlert Application Server (versions 6.1.0.11–6.1.1.2). The vulnerability is an Improper Access Control caused by a Broken Authorization Schema that allows remote access to content without proper permissions. Impact is remote access to unauthorized content; ...
EUVD-2025-38272
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
PT-2025-45466
Name of the Vulnerable Software and Affected Versions Onlook web application version 0.2.32 Description A Broken Object Level Authorization BOLA issue exists in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application. The API does not properly validate if the...
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report link placeholder reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from RE...
CVE-2025-9265
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version late...
CVE-2025-9265
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version late...
EUVD-2023-55675
Malicious code in bioql PyPI...
EUVD-2025-24205
Malicious code in bioql PyPI...
EUVD-2025-7149
Malicious code in bioql PyPI...
EUVD-2025-12505
Malicious code in bioql PyPI...
EUVD-2025-5316
Malicious code in bioql PyPI...
CVE-2025-58978 WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4...