FreePBX SQL注入漏洞

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...

EUVD-2025-201138

Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API...

EUVD-2025-201130

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership...

CVE-2025-63402

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests...

Architecture Patterns That Enable Cycode alternatives at Scale

Guide to scale ready code security with event driven scans unified data and API first design for large teams seeking strong growth aligned control...

[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 42 Update: nextcloud-32.0.2-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

CVE-2025-63402

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests...

Pepper Programming Language 安全漏洞

Pepper Programming Language is an interpreted programming language from the Dutch individual developer Danny van Kooten. A security vulnerability exists in Pepper Programming Language version 0.1.1commit, which originates from a heap buffer overflow and could lead to the execution of arbitrary co...

PT-2025-48977

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests...

INFERMAL: Inferential Analysis of Maliciously Registered Domains

Cybercriminals have long depended on domain names for phishing, spam, malware distribution, and botnet operation. To facilitate the malicious activities, they continually register new domain names for exploitation. Previous work revealed an abnormally high concentration of malicious registrations...

CVE-2025-35028 HexStrike AI MCP Server Command Injection

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...

[SECURITY] Fedora 42 Update: drupal7-7.103-1.fc42

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

[SECURITY] Fedora 43 Update: drupal7-7.103-1.fc43

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

container-tools:rhel8 security, bug fix, and enhancement update

An update is available for module.criu, module.libslirp, libslirp, criu. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The container-tools module contains tool...

CVE-2025-59454

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only to authorized users, insufficient permission validation meant that...

CVE-2025-59454

In Apache CloudStack, a gap in access control checks allowed an authenticated user to access information beyond their intended scope via several APIs. Affected endpoints include createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory, and listVolumesUsageHistory. T...

OneUptime Unauthorized User Creation via API

Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...

CVE-2025-65966 OneUptime Unauthorized User Creation via API

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...