1388 matches found
EUVD-2025-205432
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
CVE-2025-66377
CVE-2025-66377 affects Pexip Infinity prior to 39.0. A missing authentication for a critical function in a product-internal API allows an attacker who already has code execution on one node to impact the operation of other nodes in the installation. This is not listed as exploitable in the provid...
CVE-2025-3232
CVE-2025-3232 affects Mitsubishi Electric Europe smartRTU, where a remote unauthenticated attacker can bypass authentication via a specific API route and execute arbitrary OS commands. The Red Hat, NVD, EUVD and NVD-derived records consistently describe an access-control failure enabling command execut...
CVE-2025-3232 Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...
PT-2025-53377
Vulnerable software and affected versions: affected versions not specified. Description: A remote, unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands. The attack involves accessing an API endpoint that allows f...
Mitsubishi Electric smartRTU access control error vulnerability
The Mitsubishi Electric smartRTU is a smart remote terminal unit (RTU) from Mitsubishi Electric, Japan. The Mitsubishi Electric smartRTU suffers from an access control error vulnerability that stems from a specific API route that can bypass authentication and could lead to the execution of arbitrary...
GT Edge AI security vulnerability
GT Edge AI is an edge AI solution from the US-based company GT Edge AI. A security vulnerability exists in versions prior to GT Edge AI v2.0.10-dev; it stems from improper permissions on the /api/v1/agents API and could lead to unauthorized access to sensitive information...
EUVD-2025-204584
Langflow vulnerable to Server-Side Request Forgery...
CVE-2025-68477
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
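The Langflow entry above describes a URL check that stops at normalization and format validation. As an added example (not Langflow's code, and not from any advisory on this page), the following shows the check a practitioner wants instead: resolve the host and refuse any destination that is not a globally routable address. The resolver is injectable so the example runs offline; `fake_dns`, its table and the hostnames in it are constructed for illustration.

```python
"""Added example, not Langflow's code. Validates a user-supplied URL by the
address it actually resolves to, not by how the string looks."""
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host: str) -> List[str]:
    """Real lookup via the OS resolver; returns every address the host maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_url(url: str,
              resolver: Callable[[str], List[str]] = system_resolver) -> Tuple[bool, str]:
    """Return (allowed, reason). A string-level check cannot decide this:
    'localhost', '127.1', '0x7f000001' and a DNS name that points at
    169.254.169.254 all look harmless until they are resolved."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{scheme}' not allowed"
    if parts.username or parts.password:
        # 'http://api.example.com@10.0.0.1/' reads as api.example.com to a human.
        return False, "userinfo in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to nothing"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # is_global is False for loopback, RFC 1918, link-local (which includes
        # the cloud metadata range), CGNAT, documentation and reserved space.
        if not ip.is_global:
            return False, f"{host} resolves to non-global address {ip}"
    return True, "ok"


# Constructed offline stand-in for DNS (hostnames and mappings are made up).
_FAKE_TABLE = {
    "api.example.com": ["8.8.8.8"],
    "metadata.internal": ["169.254.169.254"],
    "localhost": ["127.0.0.1"],
    "127.0.0.1": ["127.0.0.1"],
    "ipv6-loop.internal": ["::1"],
}


def fake_dns(host: str) -> List[str]:
    try:
        return _FAKE_TABLE[host]
    except KeyError:
        raise socket.gaierror(f"unknown host {host}")


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/items",
                      "http://metadata.internal/latest/meta-data/",
                      "http://localhost:8080/admin",
                      "file:///etc/passwd",
                      "http://api.example.com@metadata.internal/"):
        print(candidate, "->", check_url(candidate, resolver=fake_dns))
```

Two caveats apply to any implementation of this shape. The address checked here and the address the HTTP client later connects to are two separate lookups, so a rebinding DNS name can pass the check and then resolve to an internal address; connect to the address you validated rather than letting the client resolve again. Redirects also need the same check on every hop, since a permitted public host can answer with a 302 to an internal one.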
PT-2025-52445
An API endpoint allowed access to other users' sensitive files to anyone who knew a file's UUID; the files were not intended to be accessible by UUID alone...
GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...
BIT-GITLAB-2025-13978 Generation of Error Message Containing Sensitive Information in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover, through API requests, the names of private projects they do not have access to...
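Three entries above are the same authorization failure seen from different angles: the Incorrect Authorization entry (a token restricted to public resources reaching private ones), PT-2025-52445 (a resource served to anyone who knows its UUID) and the GitLab entry (an error message confirming that a private resource exists). As an added example that is not code from any of those products, the following models a handler with both the vulnerable pattern and a hardened one; the users, tokens, UUIDs and resource bodies are constructed for illustration.

```python
"""Added example, not code from any product or advisory listed on this page.

Models two authorization failures that recur in the entries above: a token
scoped to public resources being honoured for private ones, and a resource
being served to anyone who knows its UUID. All data below is constructed."""
from dataclasses import dataclass


class NotFound(Exception):
    """Unknown id, or a private resource the caller may not learn exists."""


class Forbidden(Exception):
    """Caller may see the resource but the token lacks the required scope."""


@dataclass(frozen=True)
class Token:
    subject: str         # user the token was issued to
    scopes: frozenset    # e.g. frozenset({"read:public"})


@dataclass(frozen=True)
class Resource:
    uuid: str
    owner: str
    public: bool
    body: str


# Constructed sample data.
PUBLIC_ID = "0f8e9b92-1b8a-4a7b-9c3a-1d2e3f4a5b6c"
PRIVATE_ID = "7a6b5c4d-3e2f-4a1b-8c9d-0e1f2a3b4c5d"
RESOURCES = {
    PUBLIC_ID: Resource(PUBLIC_ID, owner="alice", public=True, body="public readme"),
    PRIVATE_ID: Resource(PRIVATE_ID, owner="alice", public=False, body="alice's private notes"),
}
MALLORY_PUBLIC = Token("mallory", frozenset({"read:public"}))
ALICE_PUBLIC = Token("alice", frozenset({"read:public"}))
ALICE_FULL = Token("alice", frozenset({"read:public", "read:private"}))


def vulnerable_get(token: Token, resource_id: str) -> str:
    """The pattern behind the entries above: a valid token plus a guessed or
    leaked UUID is enough. Neither the token's scope nor the resource's
    visibility or owner is consulted."""
    res = RESOURCES.get(resource_id)
    if res is None:
        raise NotFound(resource_id)
    return res.body


def hardened_get(token: Token, resource_id: str) -> str:
    """Authorize against the resource, not just the token.

    Order matters: the ownership check runs first and answers with the same
    NotFound as an unknown id, so a caller who may not see a private resource
    also cannot confirm that it exists (the GitLab entry above is that kind
    of leak through an error response). The scope check runs last, once the
    caller is known to be entitled to the resource at all."""
    res = RESOURCES.get(resource_id)
    if res is None:
        raise NotFound(resource_id)
    if res.public:
        required = "read:public"
    else:
        if res.owner != token.subject:
            raise NotFound(resource_id)
        required = "read:private"
    if required not in token.scopes:
        raise Forbidden(required)
    return res.body


def attempt(handler, token: Token, resource_id: str) -> tuple:
    """Run a handler and report the outcome as the API would surface it."""
    try:
        return ("ok", handler(token, resource_id))
    except NotFound:
        return ("not_found",)
    except Forbidden as exc:
        return ("forbidden", str(exc))


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_get), ("hardened", hardened_get)):
        print(name, "mallory's public-only token -> private resource:",
              attempt(handler, MALLORY_PUBLIC, PRIVATE_ID))
```

The per-request decision in `hardened_get` is the check the affected products lacked in one form or another: the token's scope is necessary but not sufficient, and the resource's own visibility and owner must be consulted before anything about it, including its existence, is returned.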
CVE-2025-64997 Insufficient permission validation when showing agent information
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allows low-privileged users to view agent information via the REST API, which could lead to information disclosure...
CVE-2025-63391
An authentication bypass vulnerability exists in Open-WebUI =0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers...
CVE-2025-63389
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...
CVE-2025-64520
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...