62 matches found

CVE
added 3 days ago · 6 views

CVE-2026-27708

FOSSBilling, before 0.8.0, is vulnerable to an IDOR in the Servicecustom Client API: the __call method accepts an order_id and fetches the order without ensuring the authenticated client owns it, enabling cross-client access to other clients’ orders and exposing PII and service configuration data...

CVSS 7.1 · AI score 5.8 · EPSS 0.00265
Exploits: 0 · References: 2

Cvelist
added 2026/06/02 7:3 p.m. · 30 views

CVE-2026-35202 Pterodactyl has a database resource limit bypass via race condition in Client API

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

CVSS 2.3 · EPSS 0.00212
Exploits: 0 · References: 1

vulnersOsv
added 2026/06/01 8:24 a.m. · 5 views

io.github.bkoehm:apacheds-embedded (>=0.5 <=0.6), org.apache.activemq.examples.broker:security-ldap (>=2.24.0 <=2.31.1) +68 more potentially affected by CVE-2026-35563 via org.apache.directory.api:api-ldap-client-api (>=2.0.0 <=2.1.7)

org.apache.directory.api:api-ldap-client-api MAVEN version =2.0.0, =0.5, =2.24.0, =0.1.0, =4.7.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0.AM25, =2.0.0.AM25, =2.0.0.AM27 and more Source cves: CVE-2026-35563 Source advisory:...

CVSS 8.8 · AI score 5.4 · EPSS 0.00182
Exploits: 0

Fedora
added 2026/04/16 11:42 p.m. · 8 views

[SECURITY] Fedora 44 Update: kwayland-6.6.4-1.fc44

Qt-style API to interact with the wayland-client API...

AI score 5.8
Exploits: 0

CVE
added 2026/03/19 8:41 p.m. · 9 views

CVE-2026-4395

CVE-2026-4395 affects wolfSSL wolfcrypt KCAPI ECC: a heap-based buffer overflow in wc_ecc_import_x963_ex() allows an attacker to write beyond the pubkey_raw buffer (132 bytes) when parsing a crafted oversized ECPoint in ServerKeyExchange. The path copies input to key->pubkey_raw via XMEMCPY wi...

CVSS 9.8 · AI score 6.1 · EPSS 0.00344
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2026/03/11 5:43 p.m. · 25 views

CVE-2026-31863 Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

CVSS 3.6 · EPSS 0.00107
Exploits: 0 · References: 1

Redos
added 2026/02/09 12:0 a.m. · 4 views

ROS-20260209-73-0012

A vulnerability in the HTTP Client API component of the OpenSSL cryptographic library is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.9 · AI score 5.6 · EPSS 0.02016
Exploits: 0

SUSE CVE
added 2026/01/16 1:6 a.m. · 5 views

SUSE CVE-2021-2007

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

CVSS 3.7 · AI score 4.7 · EPSS 0.02272
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2015-4736

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.01464
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2006-3265

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01892
Exploits: 1 · References: 10

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2008-1337

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.01131
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-31207

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.0101
Exploits: 0 · References: 1

SUSE CVE
added 2025/10/01 11:25 p.m. · 4 views

SUSE CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

CVSS 6.5 · AI score 7 · EPSS 0.02016
Exploits: 0 · References: 6

CNNVD
added 2025/09/30 12:0 a.m. · 1 views

OpenSSL security vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.9 · AI score 7.3 · EPSS 0.02016
Exploits: 0 · References: 8

Tenable Nessus
added 2025/08/11 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2021-35597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

CVSS 6.5 · AI score 6.2 · EPSS 0.0251
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 6:28 a.m. · 8 views

CVE-2015-4719

The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request...

CVSS 9.8 · AI score 7.4 · EPSS 0.01464
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2025/02/03 5:5 p.m. · 6 views

Malicious code in ui-forms-embed-client-api (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

Vulnrichment
added 2024/10/04 12:7 p.m. · 13 views

CVE-2024-47651 Parameter Pollution Vulnerability

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive...

CVSS 7.1 · AI score 6.4 · EPSS 0.00426
Exploits: 0 · References: 1

Github Security Blog
added 2024/02/01 8:51 p.m. · 36 views

Classic builder cache poisoning

The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache...

CVSS 7.8 · AI score 7.4 · EPSS 0.00258
Exploits: 0 · References: 6 · Affected Software: 2

Positive Technologies
added 2023/05/10 12:0 a.m. · 6 views

PT-2023-20166 · Boxo · Boxo

Name of the Vulnerable Software and Affected Versions: Boxo versions 0.4.0 through 0.5.0 Description: An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory by sending many WANT BLOCK and or WANT HAVE requests which are queued in an unbounded queue, with allocatio...

CVSS 8.2 · AI score 7.4 · EPSS 0.00856
Exploits: 0 · References: 18