
314 matches found

RedhatCVE
added 2025/11/15 12:47 a.m. | 10 views

CVE-2025-64530

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...

CVSS 7.5 | AI score 6.8 | EPSS 0.00353
Exploits: 0 | References: 1
NVD
added 2025/11/13 11:15 p.m. | 7 views

CVE-2025-64530

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...

CVSS 7.5 | EPSS 0.00353
Exploits: 0 | References: 1
OSV
added 2025/11/04 5:16 p.m. | 6 views

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots...

CVSS 9.8 | AI score 5.8 | EPSS 0.0071
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/30 9:23 p.m. | 3 views

CVE-2023-7322 Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

CVSS 8.7 | AI score 6.1 | EPSS 0.00972
Exploits: 0 | References: 2
EUVD
added 2025/10/27 10:11 a.m. | 5 views

EUVD-2025-36149

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...

CVSS 7.6 | AI score 6.6 | EPSS 0.00449
Exploits: 0 | References: 7
Veracode
added 2025/10/27 8:1 a.m. | 6 views

Improper Access Control

com.liferay.portal, release.portal.bom is vulnerable to improper access control. The vulnerability is due to the failure to restrict API access before a user changes their initial password, which allows an attacker to remotely access and modify content via the API...

CVSS 6.9 | AI score 6.6 | EPSS 0.00244
Exploits: 0 | References: 3 | Affected Software: 2
Vulnrichment
added 2025/10/24 12:0 a.m. | 4 views

CVE-2025-60936

Emoncms 11.7.3 is vulnerable to Cross Site Scripting in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

AI score 6.3 | EPSS 0.00178
Exploits: 1 | References: 1
RedhatCVE
added 2025/10/21 8:29 p.m. | 7 views

CVE-2025-8053

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

CVSS 9.1 | AI score 6.8 | EPSS 0.00235
Exploits: 0 | References: 1
Cvelist
added 2025/10/21 12:23 a.m. | 9 views

CVE-2025-6542 OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVSS 9.3 | EPSS 0.00925
Exploits: 0 | References: 4
OSV
added 2025/10/20 8:15 p.m. | 3 views

CVE-2025-8053

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

CVSS 9.1 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/18 12:44 a.m. | 14 views

CVE-2025-60279

A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...

CVSS 9.6 | AI score 6.9 | EPSS 0.00393
Exploits: 0 | References: 1
VulnCheck KEV
added 2025/10/17 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10 | AI score 5.8 | EPSS 0.80767
In wild | Exploits: 3 | References: 179
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-28424

Malware in sbrugna...

CVSS 5.7 | AI score 5.8 | EPSS 0.00432
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-8961

Malware in sbrugna...

CVSS 8.2 | AI score 8.1 | EPSS 0.01534
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2020-22898

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.01666
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2017-8035

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01983
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-7993

Malware in sbrugna...

CVSS 9 | AI score 9.1 | EPSS 0.02113
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-19514

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.02311
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2015-6515

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.03618
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2016-1612

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01005
Exploits: 0 | References: 3