54 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2009-1038

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00377
Exploits 0 · References 5

Vulnrichment
added 2025/09/17 9:58 p.m. · 1 view

CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code...

CVSS 9.8 · AI score 7.6 · EPSS 0.00635
Exploits 0 · References 1

CNNVD
added 2025/09/17 12:0 a.m. · 3 views

NVIDIA Triton Inference Server Operating System Command Injection Vulnerability

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an operating system command injection vulnerability that stems from the Python backend not...

CVSS 9.8 · AI score 8.1 · EPSS 0.00635
Exploits 0 · References 1

CVE
added 2025/07/24 6:5 a.m. · 27 views

CVE-2025-7001

GitLab CE/EE is affected by CVE-2025-7001: versions 15.0–before 18.0.5, 18.1–before 18.1.3, and 18.2–before 18.2.1 expose a vulnerability where privileged users can access certain resource_group information via the API that should be unavailable. Root cause: insufficient access control granularit...

CVSS 4.3 · AI score 5.7 · EPSS 0.00065
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2025/05/22 5:11 p.m. · 12 views

CVE-2020-35586

In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement e.g., it might be all digits or all lowercase letters...

CVSS 7.5 · AI score 7.2 · EPSS 0.00343
Exploits 1

RedhatCVE
added 2025/05/22 3:31 p.m. · 12 views

CVE-2020-35585

In Solstice Pod before 3.3.0 or Open4.3, the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities...

CVSS 7.5 · AI score 7 · EPSS 0.00343
Exploits 1

RedhatCVE
added 2025/05/22 3:28 p.m. · 7 views

CVE-2020-29538

Archer before 6.9 P1 6.9.0.1 contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks...

CVSS 4.9 · AI score 6.4 · EPSS 0.00222
Exploits 0

NVD
added 2025/02/05 12:15 p.m. · 15 views

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

CVSS 6.5 · EPSS 0.00069
Exploits 0 · References 1

Veracode
added 2024/10/14 9:14 a.m. · 6 views

Improper Access Control

github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to authenticated users being able to disable access control via an API call...

CVSS 8.8 · AI score 6.5 · EPSS 0.01029
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/04/03 7:15 p.m. · 8 views

CVE-2024-0335

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products, e.g., S+ Operations, S+ Engineering and S+ Analyst. This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...

CVSS 7.5 · AI score 7.5 · EPSS 0.00218
Exploits 0 · References 1

Cvelist
added 2024/04/03 6:53 p.m. · 16 views

CVE-2024-0335 Malformed Packet Handling

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products, e.g., S+ Operations, S+ Engineering and S+ Analyst. This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...

CVSS 7.5 · AI score 7.7 · EPSS 0.00218
Exploits 0 · References 1

Positive Technologies
added 2024/03/04 12:0 a.m. · 1 view

PT-2024-8940 · Abb · S+ Control Api +3

Name of the Vulnerable Software and Affected Versions: Symphony Plus S+ Operations versions 2.0;0 through 2.0 SP6 TC6 Symphony Plus S+ Operations versions 2.1;0 through 2.1 SP2 RU3 Symphony Plus S+ Operations versions 3.0;0 through 3.3 SP1 RU4 Symphony Plus S+ Engineering versions 2.1 through 2.3...

CVSS 7.8 · AI score 7.1 · EPSS 0.00218
Exploits 0 · References 7

Github Security Blog
added 2023/06/20 6:50 p.m. · 17 views

When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id

Impact: If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance she is not authorized to access, can gain read, update and delete access to it...

CVSS 6.3 · AI score 10 · EPSS 0.00073
Exploits 0 · References 5 · Affected Software 1

Snyk
added 2022/07/07 8:6 a.m. · 3 views

Malicious Package

Overview: ably-control-api-action is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3

CNNVD
added 2022/06/20 12:0 a.m. · 2 views

ASUS Control Center Security Vulnerability

ASUS Control Center is a new centralized IT management software from ASUS China. The software can monitor and control ASUS servers and workstations. A security vulnerability exists in ASUS Control Center v1.4.2.5, which stems from a broken access control issue in the API. An unauthenticated remot...

CVSS 7.3 · AI score 6.7 · EPSS 0.00648
Exploits 0 · References 2

CNNVD
added 2021/06/22 12:0 a.m. · 4 views

ORY Oathkeeper Security Vulnerability

ORY Oathkeeper is an open source Identity Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on a set of access rules. A security vulnerability exists in ORY Oathkeeper, which stems from an Identity Access Proxy (IAP) and Access Control Decision API that...

CVSS 7.5 · AI score 7.2 · EPSS 0.00308
Exploits 0 · References 3

NVD
added 2020/12/23 3:15 p.m. · 8 views

CVE-2020-35586

In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement e.g., it might be all digits or all lowercase letters...

CVSS 7.5 · AI score 7.7 · EPSS 0.00343
Exploits 1 · References 3

CNNVD
added 2020/12/23 12:0 a.m. · 2 views

Mersive Solstice Pod Security Vulnerability

Mersive Solstice Pod is a software application for conference screen sharing from Mersive USA. A security vulnerability exists in versions prior to Solstice Pod 3.3.0 or Open4.3, which can be exploited to enumerate screen keys using a brute-force attack via the /lookin/info Solstice Open Control...

CVSS 7.5 · AI score 7.1 · EPSS 0.00343
Exploits 1 · References 4

RedhatCVE
added 2020/01/07 9:41 a.m. · 57 views

CVE-2019-6974

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device, the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

CVSS 8.1 · AI score 1.8 · EPSS 0.07779
Exploits 2 · References 2

Veracode
added 2019/05/16 3:59 a.m. · 29 views

Use-After-Free

Linux kernel is vulnerable to use-after-free attacks. This is because of the way the Linux kernel's KVM hypervisor implements its device control API while creating a device via kvm_ioctl_create_device. An attacker could use this flaw to crash the guest VM resulting in a denial of service issue or...

CVSS 8.1 · AI score 7.6 · EPSS 0.07779
Exploits 2 · References 30 · Affected Software 2