PT-2025-45018

Name of the Vulnerable Software and Affected Versions Radiometrics VizAir affected versions not specified Description Radiometrics VizAir lacks authentication mechanisms for critical functions, including admin access and API requests. This allows attackers to modify configurations without...

EUVD-2025-37435

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12600

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12600

CVE-2025-12600 affects Azure Access Technology BLU-IC2 and BLU-IC4 (through 1.19.5). Reports describe a Web UI malfunction when an unexpected locale is set via an API call. The vulnerability impacts the Web UI layer and is tied to the locale parameter supplied through the API, with affected versi...

CVE-2025-12600 Web UI Malfunction

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-11843

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the...

CVE-2025-12038

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

CVE-2025-11843

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the...

EUVD-2025-37315

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

EUVD-2024-55056

Nagios XI versions prior to 2024R1.1.2 may confirmed in 2024R1.1 and 2024R1.1.1 disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account...

PT-2025-44662

Name of the Vulnerable Software and Affected Versions LogicalDOC Community Edition versions up to 9.2.1 Description A flaw exists in the API Key creation UI component that allows for cross site scripting. Remote exploitation is possible. The issue has been publicly disclosed, and the vendor was...

PT-2025-44671

Name of the Vulnerable Software and Affected Versions Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2 Description The Summer Pearl Group Vacation Rental Management Platform is affected by inadequate server-side authorization. Authenticated attackers can access and...

LogicalDOC Community Edition 代码注入漏洞

LogicalDOC Community Edition is a documentation system from LogicalDOC Italy. A code injection vulnerability exists in LogicalDOC Community Edition 9.2.1 and earlier versions, which stems from a cross-site scripting vulnerability in the API Key creation UI component...

Ubiquiti多款产品 安全漏洞

Ubiquiti UniFi Talk Touch, among others, is an IP phone from Ubiquiti USA. A security vulnerability exists in various Ubiquiti products, which stems from an unintentional enablement of the internal debugging feature, which could allow an attacker to invoke internal debugging operations via the...

CVE-2025-34283 Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes

Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value...

ROS-20251030-05

Vulnerability of Erlang programming language OTP library set is related to incorrect checking of ZIP archives in "zip:unzip/1,2" and "zip:extract/1,2" procedures of Erlang/OTP standard library ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library...

PT-2025-44521

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.4.2 Description Nagios XI versions prior to 2024R1.4.2 had a flaw where API keys were exposed to users lacking the necessary API access permissions when utilizing Neptune themes. An authenticated user, even...

PT-2025-44494

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1 Description Nagios Log Server versions prior to 2024R1 have an incorrect authorization issue. Users without the necessary API permissions could access API endpoints, leading to unauthorized data acces...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly negotiating supported features, which could lead to API compatibility issues...