CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user...

Scale 安全漏洞

Scale is an open source work, project and task management platform with more than 30 features from the individual developers at pankajindevops. A security vulnerability exists in Scale 20241113 and prior versions that stems from improper access control in the component API Endpoint...

WordPress Flexmls® IDX Plugin plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via API parameters vulnerability discovered by 1337Wannabe in WordPress Plugin Flexmls® IDX versions = 3.14.26...

IBM Concert Information Disclosure Vulnerability (CNVD-2025-29674)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive information via...

Cisco Meeting Management 安全漏洞

Cisco Meeting Management CMM is an administrative tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A security vulnerability exists in Cisco Meeting Management that stems from insufficient REST API user authorization, resulting in a low-privilege authenticate...

You Can’t Improve What You Can’t See: API Monitoring Is Crucial

...

Unspecified Vulnerability in Microsoft Windows Telephony Server (CNVD-2025-02538)

Microsoft Windows Telephony Server is a component of Microsoft Corporation USA that supports the Telephony Application Programming Interface TAPI, which allows computer programs to communicate with shared telephony services. A security vulnerability exists in Microsoft Windows Telephony Server. A...

UBUNTU-CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner...

WordPress Ultimate Endpoints With Rest Api plugin <= 2.2.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Ultimate Endpoints With Rest Api versions = 2.2.2...

ROS-20241212-04

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-24

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-02

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

ROS-20241212-22

Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...

UBUNTU-CVE-2024-47760

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

GLPI 访问控制错误漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

GLPI 访问控制错误漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

PT-2024-13527 · It Path Solutions · It Path Solutions Contact Form To Any Api

Name of the Vulnerable Software and Affected Versions: IT Path Solutions Contact Form to Any API versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels...

zhmcclient 安全漏洞

zhmcclient is a server interface to the zhmcclient open source. A security vulnerability exists in zhmcclient that stems from the fact that under certain circumstances, zhmcclient writes password-like attributes in plaintext to its HMC and API logs...

Vulnerability fixed in Zabbix

A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...

DEBIAN-CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...