CVE-2026-41283
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...
CVE-2026-20160 Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
EUVD-2020-4315
Malware in sbrugna...
EUVD-2020-4319
Malware in sbrugna...
Chatbots, APIs, and the Hidden Risks Inside Your Application Stack
What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...
CVE-2025-49828 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...
CVE-2025-25268
Phoenix Contact CHARX SEC-3150 (and related CHARX SEC-3xxx) devices expose a configuration service (TCP port 5001) that allows network-adjacent attackers to bypass authentication and modify configuration via an API endpoint, leading to read/write access. The issue is due to a lack of authenticati...
CVE-2025-25268 Unauthenticated Configuration Access via Exposed API Endpoint
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API endpoint, resulting in read and write access due to missing authentication...
CVE-2024-46310
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via an exposed API endpoint...
PT-2024-33146 · Unknown · Cloud Smart Lock
Name of the Vulnerable Software and Affected Versions: Cloud Smart Lock version 2.0.1 Description: The issue concerns a leaked URL in the APK file that can be used to call an API for binding physical devices. This allows attackers to construct requests to bind the app to unknown devices by findin...
Security Bulletin: IBM Cognos Analytics Reports mobile client application (iOS) is vulnerable to unauthorized attacks due to an exposed API key (CVE-2024-40703)
Summary An exposed API key in IBM Cognos Analytics could allow an unauthorized attacker to send unsolicited push notification alerts to IBM Cognos Analytics Reports mobile client applications. IBM Cognos Analytics has addressed the applicable CVE by revoking the exposed API key. Revocation of thi...
Exploit for CVE-2024-46310
CVE-2024-46310 POC for CVE-2024-46310 for FXServer versions v...
Rockwell Automation RSLinx Improper Input Validation
FactoryTalk Linx versions 6.00, 6.10, and 6.11; RSLinx Classic v4.11.00 and prior; Connected Components Workbench: Version 12 and prior; ControlFLASH: Version 14 and later; ControlFLASH Plus: Version 1 and later; FactoryTalk Asset Centre: Version 9 and later; FactoryTalk Linx CommDTM: Version 1 an...
Local File Inclusion
larvitbase-www is vulnerable to local file inclusion. The package uses an exposed API endpoint that passes an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js file within the web server. Successful exploitation causes the...
Exposed API
Apache Spark contains an exposed API due to the default value of spark.master.rest.enabled being set to true. This allows remote attackers to connect to the API without authentication and run driver programs, but not launch executors...