CVE-2025-46204

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/id endpoint...

CVE-2025-46559

Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...

lunary access control error vulnerability (CNVD-2025-07602)

lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from improper access control on the /v1/datasets endpoint, and can be exploited by an attacker to gain access to unauthorized datasets...

CVE-2025-1751 SQL Injection CIGES

A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint...

CVE-2024-6662 CSRF in MegaBIP

Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery CSRF as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If...