4947 matches found

CVE
added 2025/09/25 2:2 p.m., 28 views

CVE-2025-10948

CVE-2025-10948 affects MikroTik RouterOS 7, specifically the parse_json_element function in the libjson.so component used by /rest/ip/address/print. The issue is a remote-exploitable buffer overflow reported in multiple feeds, with public disclosure of the exploit. The vulnerability is stated to ...

CVSS 9, AI score 8.7, EPSS 0.00713
Exploits 0, References 5
CNNVD
added 2025/09/22 12:0 a.m., 3 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.3, AI score 6.3, EPSS 0.00234
Exploits 0, References 2
Positive Technologies
added 2025/09/22 12:0 a.m., 5 views

PT-2025-39083

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.112; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.7; Liferay Portal versions 7.4 GA through update 92. Description: The Batch Engine does not correctly...

CVSS 5.3, AI score 6.7, EPSS 0.00234
Exploits 0, References 9
Patchstack
added 2025/09/18 11:55 a.m., 5 views

WordPress Password Reset with Code plugin < 0.0.17 - Insecure Password Reset Code Creation vulnerability

Insecure Password Reset Code Creation vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Password Reset with Code for WordPress REST API versions 0.0.17...

CVSS 9.8, AI score 6.9, EPSS 0.00219
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/09/18 6:0 a.m., 3 views

CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

AI score 6.4, EPSS 0.00219
Exploits 0, References 1
Positive Technologies
added 2025/09/18 12:0 a.m., 6 views

PT-2025-38299

Name of the Vulnerable Software and Affected Versions: Password Reset with Code for WordPress REST API plugin versions prior to 0.0.17. Description: The plugin does not employ cryptographically secure algorithms for generating One-Time Password (OTP) codes, which could allow for account takeovers...

CVSS 9.8, AI score 6.6, EPSS 0.00219
Exploits 0, References 6
NCSC
added 2025/09/11 8:18 a.m., 3 views

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface (CLI), and the REST API of the Nexus Dashboard. These vulnerabilities can ...

CVSS 7.4, AI score 7.2, EPSS 0.01876
Exploits 0, References 6
Tenable Nessus
added 2025/09/10 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-48317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session...

CVSS 9.8, AI score 8.2, EPSS 0.00456
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-48318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosu...

CVSS 5.3, AI score 5.7, EPSS 0.00486
Exploits 0, References 2
NVD
added 2025/09/05 12:15 a.m., 6 views

CVE-2025-55739

api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

CVSS 5.1, EPSS 0.00497
Exploits 0, References 2
ATTACKERKB
added 2025/09/04 11:22 p.m., 5 views

CVE-2025-55739

api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

CVSS 5.1, AI score 5.6, EPSS 0.00497
Exploits 0, References 3, Affected Software 1
OSV
added 2025/09/03 3:15 p.m., 2 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

CVSS 4.3, AI score 6.7
Exploits 0, References 2
Positive Technologies
added 2025/09/03 12:0 a.m., 4 views

PT-2025-35781

Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 322.v22f4db18e2dd and earlier. Description: The Jenkins global-build-stats Plugin does not perform permission checks in its REST API endpoints. Attackers with Overall/Read permission can enumerate...

CVSS 4.3, AI score 6.3, EPSS 0.00258
Exploits 0, References 7
Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-14868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request...

CVSS 7.5, AI score 7.3, EPSS 0.02518
Exploits 0, References 2
OSV
added 2025/09/02 12:15 p.m., 10 views

CVE-2025-5662

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

CVSS 9.8, AI score 9.5
Exploits 0, References 2
Cvelist
added 2025/09/02 11:14 a.m., 33 views

CVE-2025-5662 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

CVSS 9.8, EPSS 0.0064
Exploits 0, References 2
Positive Technologies
added 2025/09/02 12:0 a.m., 10 views

PT-2025-35547

Name of the Vulnerable Software and Affected Versions: H2O-3 versions prior to 3.46.0.8. Description: A deserialization issue exists in the H2O-3 REST API /99/ImportSQLTable. The vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a...

CVSS 9.8, AI score 9.7, EPSS 0.0064
Exploits 0, References 7
Tenable Nessus
added 2025/09/02 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-38865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows...

CVSS 8.8, AI score 5.8, EPSS 0.00644
Exploits 0, References 2
RedhatCVE
added 2025/08/30 6:19 p.m., 4 views

CVE-2025-20347

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

CVSS 5.4, AI score 6.7, EPSS 0.00232
Exploits 0, References 1
OSV
added 2025/08/27 5:15 p.m., 0 views

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

CVSS 5, AI score 5.8, EPSS 0.00273
Exploits 0, References 1