14 matches found

EUVD
added 2026/05/22 3:28 p.m. · 5 views

EUVD-2026-31460

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects: Devolutions Server 2026.1.6.0 through...

CVSS 4.3 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 1
NVD
added 2025/11/26 7:15 p.m. · 2 views

CVE-2025-65966

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

CVSS 8.8 · EPSS 0.00072
Exploits 1 · References 1
Positive Technologies
added 2025/10/07 12:0 a.m. · 3 views

PT-2025-41175

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1.3.2 Description: Nagios Log Server before version 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service. This is achieved by making a call to the...

CVSS 8.5 · AI score 6.4 · EPSS 0.00154
Exploits 1 · References 11
RedhatCVE
added 2025/05/22 11:13 p.m. · 3 views

CVE-2022-34534

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call...

CVSS 7.5 · AI score 6.7 · EPSS 0.28876
Exploits 0 · References 1
Positive Technologies
added 2024/12/17 12:0 a.m. · 2 views

PT-2024-29789 · Hcl · Hcl Bigfix Inventory

Name of the Vulnerable Software and Affected Versions: HCL BigFix Inventory affected versions not specified Description: The issue is related to an improper handling of insufficient permissions or privileges in HCL BigFix Inventory. An attacker with access via a read-only account can possibly...

CVSS 3.1 · AI score 6.9 · EPSS 0.00066
Exploits 0 · References 5
OSV
added 2024/09/13 6:15 p.m. · 1 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

CVSS 6.5 · AI score 5.7 · EPSS 0.00128
Exploits 0 · References 1
OSV
added 2024/06/20 5:15 p.m. · 0 views

UBUNTU-CVE-2024-28397

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...

CVSS 5.3 · AI score 6.1 · EPSS 0.59353
Exploits 22 · References 4
Positive Technologies
added 2023/06/26 12:0 a.m. · 3 views

PT-2023-24868 · Lenovo · Lenovo Xclarity Administrator

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator LXCA affected versions not specified Description: The issue allows a valid, authenticated LXCA user with elevated privileges to potentially replace filesystem data through a specifically crafted web API call due ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00125
Exploits 0 · References 3
Prion
added 2022/10/24 2:15 p.m. · 15 views

Design/Logic Flaw

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type...

CVSS 6.4 · AI score 6.4 · EPSS 0.00341
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/07/19 8:15 p.m. · 3 views

CVE-2022-34534

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2021/03/18 12:0 a.m. · 2 views

Grafana Security Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana before 7.4.1 that allows an unauthenticated...

CVSS 7.5 · AI score 8 · EPSS 0.92396
Exploits 0 · References 10
CNNVD
added 2020/11/23 12:0 a.m. · 3 views

MongoDB Ops Manager Authorization Issues Vulnerability

MongoDB Ops Manager is a solution from MongoDB, Inc. that supports the management, monitoring, and backup of MongoDB deployments. An authorization issue vulnerability exists in MongoDB Ops Manager that stems from a specially designed API call that could allow an authenticated user holding...

CVSS 8.1 · AI score 6.6 · EPSS 0.00554
Exploits 0 · References 4
OSV
added 2020/04/13 2:15 p.m. · 0 views

CVE-2020-8148

UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...

CVSS 5.3 · AI score 6.1
Exploits 0 · References 2
ATTACKERKB
added 2017/01/06 9:59 p.m. · 2 views

CVE-2016-4305

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program from user mode to...

CVSS 5.5 · AI score 5.6 · EPSS 0.00064
Exploits 2 · References 5