LogicalDOC 安全漏洞

LogicalDOC is a document management system developed using Java technology by LogicalDOC, Inc. in the United States. The system has features such as Lucene full-text search indexing and automatic import. LogicalDOC has a security vulnerability that stems from an API endpoint flaw that could allow...

WordPress Resido theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update vulnerability

Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Resido versions = 3.6...

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 12.3 through prior to 17.7.7, 17.8 through prior to 17.8.5, and 17.9 through prior to 17.9.2, which stems from a vulnerability in...

Rising Technosoft CAP back office application 授权问题漏洞

Rising Technosoft CAP back office application is a back office application from Rising Technosoft India. The Rising Technosoft CAP back office application suffers from an authorization issue vulnerability that stems from a weak password reset mechanism implemented in the API endpoint that allows ...

CVE-2023-40723

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2...

U.S. Dept Of Defense: Information Disclosure in API Endpoint /users

An endpoint /users was exposing sensitive user information, including id, first name, last name, email, role, and authdata, to unauthenticated users. This allowed anyone to retrieve private user details without authentication...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the rex-api-result parameter. An attacker can execute arbitrary scripts in the context of the user's browser session by crafting a malicious URL that injects JavaScript into the web page. Details...

WordPress RateMyAgent Official plugin <= 1.4.0 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Dhabaleshwar Das in WordPress Plugin RateMyAgent Official versions = 1.4.0...

Incorrect Authorization

Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...

CVE-2024-50689

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the orgService API model...

When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the automslc package is a Python librarythat bypasses Deezer API restrictions to download music.The package was found to exfiltrate user data to a hardcoded server,which could be used for malicious purposes...

PT-2025-7660 · Sourcecodester · Sourcecodester Best Church Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.0 Description: A critical vulnerability was found in the software, affecting an unknown functionality of the file /admin/app/asset crud.php. The manipulation of the photo1 argument lead...

RupeeWeb 安全漏洞

Rupeeseed RupeeWeb is a state-of-the-art web-based trading platform from Rupeeseed India. RupeeWeb suffers from a security vulnerability that stems from insufficient API endpoint privilege controls, allowing an authenticated, remote attacker to modify information on other user accounts...

CVE-2025-21351

Windows Active Directory Domain Services API Denial of Service Vulnerability...

CVE-2025-23413

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

CVE-2025-20124

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

USN-7252-1 openjdk-lts vulnerability

It was discovered that the Hotspot component of OpenJDK 11 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information...

F5 BIG-IP Next Central Manager 日志信息泄露漏洞

F5 BIG-IP Next Central Manager is a centralized console from F5 USA. A log information disclosure vulnerability exists in F5 BIG-IP Next Central Manager, which originates from the possibility of recording sensitive information in log files when a user logs in using local authentication via the...