4987 matches found
EUVD-2025-34158
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
PT-2025-41836
Name of the Vulnerable Software and Affected Versions: SAP Application Server for ABAP (affected versions not specified). Description: An authenticated attacker can store malicious JavaScript payloads. These payloads could be executed in a victim user's browser when accessing the affected functionalit...
ROS-20251014-11
The Go programming language vulnerability is related to improper input validation. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions. security...
CVE-2025-61688
CVE-2025-61688 affects Omni, a tool for managing Kubernetes on bare metal, VMs, or cloud environments. Public documents confirm an information leak via an API in Omni older than specific releases. The vulnerability is described consistently across sources as leaking sensitive information through ...
Omni vulnerable to information leak via API
Impact: Omni might leak sensitive information via an API. Patches: v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds: None. References: None...
CVE-2025-9553 API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103
Vulnerability in Drupal API Key manager. This issue affects API Key manager:...
CVE-2025-61912
python-ldap is a Lightweight Directory Access Protocol (LDAP) client API for Python. In versions prior to 3.4.5, `ldap.dn.escape_dn_chars` escapes `\x00` incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form `\00`. Any application that uses this helper to...
PT-2025-41384
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.13.1. Description: A privileged user could potentially cause a denial of service due to improperly validated API input, leading to excessive resource consumption. The issue stems from insufficient...
ROS-20251008-07
Vulnerabilities: The Go programming language vulnerability is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
GHSA-WR9H-G72X-MWHM vLLM is vulnerable to timing attack at bearer auth
Summary: The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force. Details...
Covert Timing Channel
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Covert Timing Channel via the apiserver component. An attacker can gain unauthorized access by exploiting differences in response times during API k...
CVE-2025-40676
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
EUVD-2021-1901
Malware in sbrugna...
EUVD-2011-5254
Malware in sbrugna...
EUVD-2020-21244
Malware in sbrugna...
EUVD-2021-1747
Malware in sbrugna...
EUVD-2016-5516
Malware in sbrugna...
EUVD-2018-17162
Malware in sbrugna...
EUVD-2021-19537
Malware in sbrugna...
EUVD-2021-1830
Malware in sbrugna...