CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

CVE-2025-11862 Verve Asset Manager Access Control Vulnerability

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

PT-2025-46340

Name of the Vulnerable Software and Affected Versions Verve Asset Manager affected versions not specified Description A security issue exists in Verve Asset Manager that allows unauthorized read-only users to perform actions beyond their intended permissions. Specifically, these users can read,...

Rockwell Automation Studio 5000 Simulation Interface 安全漏洞

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

PT-2025-46243

Name of the Vulnerable Software and Affected Versions Include Fussball.de Widgets plugin for WordPress versions up to and including 4.0.0 Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with...

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

PT-2025-45564

Name of the Vulnerable Software and Affected Versions Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to and including 2.2.3 Description The Alex Reservations: Smart Restaurant Booking plugin for WordPress is susceptible to arbitrary file uploads because of a lack of...

EUVD-2025-38216

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...

CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

How to Protect Personal Data in Today’s API Economy

...

CVE-2025-55278

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

Cisco Unified Intelligence Center API Information Disclosure (cisco-sa-cc-mult-vuln-gK4TFXSn)

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

CVE-2025-20377

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

EUVD-2025-37960

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized...

Ubia Ubox 安全漏洞

Ubia Ubox is an intelligent video surveillance device from China's Yuchuan Network Ubia. Ubia Ubox has a security vulnerability that stems from a failure to adequately protect API credentials, which could lead to unauthorized access to the camera and view live feeds or modify settings...

GO-2025-4022 Omni vulnerable to information leak via API in github.com/siderolabs/omni

Omni vulnerable to information leak via API in github.com/siderolabs/omni...

CVE-2025-20377 Cisco Unified Intelligence Center API Information Disclosure Vulnerability

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.5.6-1.fc43

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

Cisco多款产品 信息泄露漏洞

Cisco Unified Intelligence Center and others are products of Cisco USA.Cisco Unified Intelligence Center is a Web-based reporting platform.Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution.Cisco Unified Contact...