243 matches found
CVE-2026-33222
NATS-Server (JetStream) contains an authorization bypass via the JetStream management API: users with JetStream admin API access to restore one stream could restore to other stream names, risking data overwrite across streams. Affected versions are prior to 2.11.15 and 2.12.6. The fixed releases ...
CVE-2026-20114
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...
Cisco IOS XE Software Security Vulnerability
Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a security vulnerability in Cisco IOS XE Software, which stems from insufficient validation of API endpoint parameters. This vulnerability could allow authenticated remote attackers to gain...
EUVD-2026-11410
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...
CVE-2026-32131
CVE-2026-32131 affects Zitadel's Management API prior to versions 3.4.8 and 4.12.2. An authenticated user with a low-privilege token (e.g., project.read, project.grant.read, or project.app.read) could retrieve management-plane information for other organizations by specifying a different tenant’s...
PT-2026-24854
CVE-2026-32131 ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to...
ZITADEL Security Vulnerability
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL prior to 3.4.8 and 4.12.2 contained security vulnerabilities. These vulnerabilities were due to access control issues in the Management API, which could allow authenticated users...
CVE-2026-28352
CVE-2026-28352 affects Indico (event management system) prior to 3.3.11. The vulnerability is a missing access check in the API endpoint that manages event series, enabling unauthenticated/unauthorized access to metadata (title, category chain, start/end date) for events in an existing series, a...
Caddy Cross-Site Request Forgery Vulnerability
Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the local Caddy management API accepting cross-domain requests when source forcing was n...
CVE-2026-23596
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...
HPE Aruba Networking Private 5G Core Security Vulnerability
HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There is a security vulnerability present in HPE Aruba Networking Private 5G Core, which stems from a flaw in the management API. This vulnerability could allow unauthenticated remote attackers to trigge...
CVE-2025-65128
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...
PT-2026-7623
Name of the Vulnerable Software and Affected Versions: Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27. Description: A flaw exists in the web management API components that allows unauthenticated attackers on the local network to modify router and network configurations. Attackers can...
Tildeslash M/Monit Security Vulnerability
Tildeslash M/Monit is a server monitoring and management tool developed by Tildeslash Inc. Version 3.7.4 of Tildeslash M/Monit contains a security vulnerability. This vulnerability stems from an authentication flaw in the management API endpoints, which could lead to the retrieval of user passwor...
GHSA-QQPG-MVQG-649V vulnerabilities
Vulnerabilities for packages: keycloak-config-cli, management-api-for-apache-cassandra-5.0, akhq, cassandra, nextflow, cassandra-reaper, apache-nifi-registry, zookeeper, kserve-modelmesh, dependency-track, sonarqube, trino, sonar-scanner-cli, apache-nifi...
CVE-2026-1225 vulnerabilities
Vulnerabilities for packages: keycloak-config-cli, management-api-for-apache-cassandra-5.0, akhq, cassandra, nextflow, cassandra-reaper, apache-nifi-registry, zookeeper, kserve-modelmesh, dependency-track, sonarqube, trino, sonar-scanner-cli, apache-nifi...
GHSA-QQPG-MVQG-649V vulnerabilities
Vulnerabilities for packages: trino, sonarqube, knative-kafka-broker, localstack, akhq, cassandra, zookeeper, zookeeper-fips, keycloak-config-cli, apache-nifi, apache-nifi-registry, nacos, nacos-docker, sonar-scanner-cli, kafbat-ui, management-api-for-apache-cassandra-4.0, kserve-modelmesh,...
CVE-2026-1225 vulnerabilities
Vulnerabilities for packages: trino, sonarqube, knative-kafka-broker, localstack, akhq, cassandra, zookeeper, zookeeper-fips, keycloak-config-cli, apache-nifi, apache-nifi-registry, nacos, nacos-docker, sonar-scanner-cli, kafbat-ui, management-api-for-apache-cassandra-4.0, kserve-modelmesh,...