GO-2025-4090 lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefs

lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefs...

CVE-2025-13319 Authenticated SQL injection in API - Digi On-Prem Manager

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack...

Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time

Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. "We adopted Rust for its security and are seeing a 1000x reduction in...

Nettec AS Digi On-Prem Manager 安全漏洞

Nettec AS Digi On-Prem Manager is a device management platform from Nettec AS, Norway. A security vulnerability exists in Nettec AS Digi On-Prem Manager that stems from a SQL injection vulnerability in the API functionality, which could lead to SQL injection attacks...

EUVD-2025-180549

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network...

CVE-2025-13160 IQ Service International｜IQ-Support - Exposure of Sensitive Information

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network...

PT-2025-47024

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C firmware versions up to and including 1.9.3 Description The Screen SFT DAB 600/C firmware has an issue with access control on the user management API. Unauthenticated requests can retrieve structured user data, including...

Unspecified Vulnerability in Rockwell Automation Verve Asset Manager

Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to properly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...

Cisco Catalyst Center REST API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

Linux Distros Unpatched Vulnerability : CVE-2025-40151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current...

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

EUVD-2025-84343

A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

CVE-2025-11862 Verve Asset Manager Access Control Vulnerability

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

PT-2025-46340

Name of the Vulnerable Software and Affected Versions Verve Asset Manager affected versions not specified Description A security issue exists in Verve Asset Manager that allows unauthorized read-only users to perform actions beyond their intended permissions. Specifically, these users can read,...

Rockwell Automation Studio 5000 Simulation Interface 安全漏洞

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

PT-2025-46243

Name of the Vulnerable Software and Affected Versions Include Fussball.de Widgets plugin for WordPress versions up to and including 4.0.0 Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with...

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

PT-2025-45564

Name of the Vulnerable Software and Affected Versions Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to and including 2.2.3 Description The Alex Reservations: Smart Restaurant Booking plugin for WordPress is susceptible to arbitrary file uploads because of a lack of...