
12 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. · 4 views

PT-2026-37700

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8 CVSS · 6.7 AI score · 0.00606 EPSS
Exploits: 0 · References: 16

CNNVD
added 2026/04/09 12:0 a.m. · 4 views

pyLoad security vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from weak permissions for certain WebUI JSON endpoints, allowing low-privilege authenticated users to perform MODIFY operations...

5.4 CVSS · 5.8 AI score · 0.00039 EPSS
Exploits: 1 · References: 2

CVE
added 2026/03/31 8:51 p.m. · 3 views

CVE-2026-34732

WWBN AVideo CVE-2026-34732 affects the CreatePlugin list.json.php template (versions ≤26.0). The template ships without authentication/authorization checks, while add.json.php and delete.json.php require admin privileges. This omission creates 21 unauthenticated data-listing endpoints across the ...

7.5 CVSS · 5.9 AI score · 0.00023 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Imperva Blog
added 2025/12/17 4:11 p.m. · 6 views

Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity show no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained...

6.9 AI score
Exploits: 0

EUVD
added 2025/10/30 6:31 p.m. · 2 views

EUVD-2025-37015

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

7.5 CVSS · 6.2 AI score · 0.00062 EPSS
Exploits: 0 · References: 2

NVD
added 2025/10/30 4:15 p.m. · 3 views

CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

7.5 CVSS · 0.00062 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/30 12:0 a.m. · 3 views

CVE-2025-61117

Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...

6.4 AI score · 0.00062 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/27 10:21 a.m. · 1 view

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

9 CVSS · 7.2 AI score · 0.00036 EPSS
Exploits: 0 · References: 1

OSV
added 2025/03/20 10:15 a.m. · 2 views

CVE-2024-10829

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading...

7.5 CVSS · 6.9 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2022/11/23 12:0 a.m. · 3 views

PT-2022-25391 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified
Description: A denial-of-service issue in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data...

6.5 CVSS · 6.1 AI score · 0.00451 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2021/10/05 12:0 a.m. · 2 views

PT-2021-23328 · Archibus · Archibus Web Central

Name of the Vulnerable Software and Affected Versions: ARCHIBUS Web Central version 21.3.3.815
Description: The issue arises from the software's failure to properly validate requests for access to data and functionality in several affected endpoints: "/archibus/schema/ab-edit-users.axvw",...

8.8 CVSS · 6.7 AI score · 0.00392 EPSS
Exploits: 0 · References: 4

Microsoft KB
added 2017/01/07 12:0 a.m. · 4 views

Update for customer experience and diagnostic telemetry

This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To get the update, see 3080149 Update for customer experience and diagnostic telemetry.
Summary: This...

6.9 AI score
Exploits: 0