Allocation Of Resources Without Limits

Bouncy Castle is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to excessive resource allocation due to lack of proper limits in the handling of ASN1ObjectIdentifier in API modules...

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

Linux Distros Unpatched Vulnerability : CVE-2017-15041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.8.4 and 1.9.x before 1.9.1 allows go get remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1...

Missing Authorization

Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when creating channel subscriptions via the API...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a lack of input validation for MGW service API calls, which could cause the application...

CData API Server 安全漏洞

CData API Server is a server for creating, deploying, and managing custom APIs from CData. This server provides a highly scalable platform that helps organizations quickly build and expose APIs to communicate with different data sources. A security vulnerability exists in CData API Server that...

CVE-2025-58124

Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic...

Linux Distros Unpatched Vulnerability : CVE-2020-35922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. CVE-2020-35922...

Linux Distros Unpatched Vulnerability : CVE-2020-13324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API...

MAL-2025-41519 Malicious code in @twork-data-services/proxy-prime-api-v1-card-ucid-services (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

The Art of Hide and Seek: Making Pickle-Based Model Supply Chain Poisoning Stealthy Again

Pickle deserialization vulnerabilities have persisted throughout Python's history, remaining widely recognized yet unresolved. Due to its ability to transparently save and restore complex objects into byte streams, many AI/ML frameworks continue to adopt pickle as the model serialization protocol...

ROS-20250826-03

Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...

Moderate: python-cryptography security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

R Programming Language Installed (Linux)

Binary data rlangnixinstalled.nbin...

ROS-20250825-02

A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, disclose protected information or cause a denial of service A vulnerability in the...

R Programming Language Installed (macOS)

Binary data rlangmacosinstalled.nbin...

CVE-2025-7841

CVE-2025-7841 affects the WordPress plugin “Sertifier Certificate & Badge Maker for WordPress – Tutor LMS.” A CSRF flaw exists due to missing/incorrect nonce validation on the sertifier_settings page, enabling unauthenticated attackers to update the plugin’s API key if a site admin is tricked int...

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

CVE-2024-50641

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...