289 matches found
CVE-2024-12125
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information. Mitigation Red Hat has investigated whether a...
PT-2025-45387
Name of the Vulnerable Software and Affected Versions 3scale Developer Portal affected versions not specified Description A flaw exists in the 3scale developer portal that could allow account creation or updates through hidden or read-only fields. This allows an attacker to potentially access or...
EUVD-2025-35599
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level...
CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...
CVE-2025-31702
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...
CVE-2025-31702
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...
EUVD-2020-27461
Malware in sbrugna...
EUVD-2019-1091
Malware in sbrugna...
EUVD-2002-0566
Malware in sbrugna...
EUVD-2020-27418
Malware in sbrugna...
EUVD-2022-41310
Malicious code in bioql PyPI...
EUVD-2024-41640
Malicious code in bioql PyPI...
EUVD-2024-34950
Malicious code in bioql PyPI...
EUVD-2025-32066
Malicious code in bioql PyPI...
EUVD-2025-28218
Malicious code in bioql PyPI...
EUVD-2023-24092
Malicious code in bioql PyPI...
JEPaaS 访问控制错误漏洞
JEPaaS is a low-code rapid development platform for building enterprise-class applications. A security vulnerability exists in JEPaaS 7.2.8, which stems from the doFilterInternal function of the Filter Handler component not properly enforcing access control. The vulnerability can be exploited by ...
CVE-2025-54551
Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user do not have permission to view by altering the parameters of the...
PT-2025-34074 · Frappé Technologies · Frappe
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2 Frappe versions prior to 14.96.15 Description: Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to via SQL injection...
D-Link DIR-818L Injection Vulnerability
The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...