436 matches found

ATTACKERKB
• added 2026/05/06 5:10 p.m. • 2 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

CVSS 5.4 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

AstraLinux
• added 2026/05/03 11:59 p.m. • 3 views

Astra Linux - vulnerability in golang-github-emicklei-go-restful

Authorization bypass through user-controlled keys in the GitHub repository in the emicklei/go-restful library, prior to version 3.8.0...

CVSS 9.3 | AI score 7.3 | EPSS 0.00963
Exploits: 1 | References: 1

SUSE CVE
• added 2026/03/28 12:26 a.m. • 3 views

SUSE CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVSS 6.9 | AI score 5.8 | EPSS 0.00049
Exploits: 1 | References: 3

Cvelist
• added 2026/03/25 12:0 a.m. • 18 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

EPSS 0.00263
Exploits: 0 | References: 2

ATTACKERKB
• added 2026/03/25 12:0 a.m. • 2 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 3

CNNVD
• added 2026/03/25 12:0 a.m. • 5 views

N2W security vulnerability

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from a two-step attack targeting RESTful APIs, which could lead to remote code execution...

CVSS 9 | AI score 6.2 | EPSS 0.00263
Exploits: 0 | References: 2

Vulnrichment
• added 2026/03/25 12:0 a.m. • 2 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 2

CVE
• added 2026/03/25 12:0 a.m. • 3 views

CVE-2025-32991

N2WS Backup & Recovery (before 4.4.0) is affected by a two-step attack against its RESTful API that leads to remote code execution. The available documents describe the vulnerability at a high level without detailing exploit vectors, affected modules, or versions beyond the 4.4.0 threshold. No re...

CVSS 9 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 2 | Affected Software: 1

OSV
• added 2026/03/10 1:18 a.m. • 1 views

GHSA-XV8G-FJ9H-6GMV Linkdave Missing Authentication on REST and WebSocket endpoints

The linkdave server does not enforce authentication on its REST and WebSocket routes in versions prior to 0.1.5. Impact An attacker with network access to the server port can: - Connect to the WebSocket endpoint /ws and receive a valid sessionid in the OpReady response. - Use that session to invo...

CVSS 9.3 | AI score 5.8
Exploits: 0 | References: 3

OSV
• added 2026/03/09 7:50 p.m. • 1 views

GHSA-GH4X-F7CQ-WWX6 Glances Exposes Unauthenticated Configuration Secrets

Summary The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...

CVSS 8.7 | AI score 5.8 | EPSS 0.0667
Exploits: 1 | References: 5

OSV
• added 2026/02/17 6:9 p.m. • 2 views

GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus

Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS 9.8 | AI score 5.6 | EPSS 0.005
Exploits: 1 | References: 3

OSV
• added 2026/01/30 3:55 p.m. • 4 views

CLEANSTART-2026-HV28992 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3

Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...

CVSS 9.8 | AI score 8.8 | EPSS 0.944
Exploits: 22 | References: 23

OSV
• added 2026/01/30 3:0 p.m. • 1 views

CLEANSTART-2026-YS66739 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3

Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.5 | EPSS 0.00963
Exploits: 1 | References: 11

Tenable Nessus
• added 2026/01/22 12:0 a.m. • 2 views

Azure Linux 3.0 Security Update: sriov-network-device-plugin (CVE-2022-1996)

The version of sriov-network-device-plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1996 advisory. - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restfu...

CVSS 9.3 | AI score 8.4 | EPSS 0.00963
Exploits: 1 | References: 2

RedhatCVE
• added 2026/01/09 12:34 p.m. • 16 views

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...

CVSS 9.8 | AI score 6.9 | EPSS 0.00673
Exploits: 0 | References: 1

Positive Technologies
• added 2026/01/06 12:0 a.m. • 3 views

PT-2026-1424

Name of the Vulnerable Software and Affected Versions MasterStudy LMS WordPress Plugin versions through 3.7.6 Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a...

CVSS 5.4 | AI score 6.3 | EPSS 0.00034
Exploits: 0 | References: 6

Packet Storm
• added 2025/12/19 12:0 a.m. • 128 views

Cisco ISE API 3.2 Command Injection

Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.2. Title: Cisco ISE API 3.2 command injection Exploits ...

CVSS 10 | AI score 7.9 | EPSS 0.34167
Exploits: 10

Packet Storm
• added 2025/12/11 12:0 a.m. • 139 views

Cisco ISE API 3.1 Command Injection

Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.1. Title: Cisco ISE API 3.1 command injection Exploits ...

CVSS 10 | AI score 7.9 | EPSS 0.34167
Exploits: 10

CVE
• added 2025/11/01 6:40 a.m. • 6 views

CVE-2025-12171

CVE-2025-12171 concerns the WordPress RESTful Content Syndication plugin (versions 1.1.0–1.5.0). The vulnerability is an arbitrary file upload flaw caused by missing file-type validation in ingest_image(), allowing authenticated attackers with Author-level access (or higher) to upload arbitrary f...

CVSS 8.8 | AI score 7.1 | EPSS 0.00278
Exploits: 0 | References: 2

Vulnrichment
• added 2025/11/01 6:40 a.m. • 4 views

CVE-2025-12171 RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

CVSS 8.8 | AI score 7.1 | EPSS 0.00278
Exploits: 0 | References: 2