Omni vulnerable to information leak via API
Impact: Omni might leak sensitive information via an API. Patches: v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds: None. References: None...
CVE-2025-9553 API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103
Vulnerability in Drupal API Key manager. This issue affects API Key manager:...
PT-2025-41384
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.13.1. Description: A privileged user could potentially cause a denial of service due to improperly validated API input, leading to excessive resource consumption. The issue stems from insufficient...
GHSA-WR9H-G72X-MWHM vLLM is vulnerable to timing attack at bearer auth
Summary: The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force. Details:...
Covert Timing Channel
Overview: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Covert Timing Channel via the apiserver component. An attacker can gain unauthorized access by exploiting differences in response times during API k...
CVE-2025-40676
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
EUVD-2011-5250
Malware in sbrugna...
vLLM security vulnerability
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. A security vulnerability exists in versions prior to vLLM 0.11.0rc2, which stems from a timing attack vulnerability in the API key authentication method that could lead to authentication bypass...
EUVD-2025-32895
Nagios Log Server before 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response...
EUVD-2025-32501
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...
CVE-2025-58578
The CVE-2025-58578 describes an API misuse where an authorized user can create an unlimited number of user accounts via a POST endpoint due to no quotas or validation. Public documents across Red Hat, NVD, CVE lists, and SICK-related advisories confirm the core issue (unbounded account creation) ...
CVE-2025-58578 Unlimited user creation by authorized users
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...
PT-2025-40949
Name of the Vulnerable Software and Affected Versions: YoSmart YoLink versions through 2025-10-02. Description: The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...
EUVD-2025-29412
Malicious code in bioql PyPI...
EUVD-2025-24180
Malicious code in bioql PyPI...
EUVD-2025-25133
Malicious code in bioql PyPI...
EUVD-2024-54903
Malicious code in bioql PyPI...
EUVD-2025-23985
Malicious code in bioql PyPI...
EUVD-2024-54876
Malicious code in bioql PyPI...
EUVD-2025-24092
Malicious code in bioql PyPI...