314 matches found
CVE-2025-64530
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-61956
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...
CVE-2023-7322 Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...
EUVD-2025-36149
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...
Improper Access Control
com.liferay.portal, release.portal.bom is vulnerable to improper access control. The vulnerability is due to the failure to restrict API access before a user changes their initial password, which allows an attacker to remotely access and modify content via the API...
CVE-2025-60936
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...
CVE-2025-8053
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....
CVE-2025-6542 OS command injection in multiple parameters
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-8053
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....
CVE-2025-60279
A server-side request forgery SSRF vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...
VulnCheck KEV: CVE-2024-20419
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...
EUVD-2020-28424
Malware in sbrugna...
EUVD-2019-8961
Malware in sbrugna...
EUVD-2020-22898
Malware in sbrugna...
EUVD-2017-8035
Malware in sbrugna...
EUVD-2016-7993
Malware in sbrugna...
EUVD-2018-19514
Malware in sbrugna...
EUVD-2015-6515
Malware in sbrugna...
EUVD-2016-1612
Malware in sbrugna...