230 matches found
CVE-2025-63667
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication...
CVE-2025-52665
Summary (CVE-2025-52665): UniFi Access Application versions 3.3.22–3.4.31 expose a misconfigured management API that lacks proper authentication, allowing potential unauthorized access by actors on the management network. The vulnerability was introduced in 3.3.22 and fixed in 4.0.21 and later. R...
Aviatrix Controller Unrestricted Upload of File (CVE-2021-40870)
While the Aviatrix UI requires authentication, many API calls do not enforce a check for authentication. Some of these API calls allow an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend,...
PT-2025-43651
Name of the Vulnerable Software and Affected Versions Karmada Dashboard versions prior to 0.2.0 Description The Karmada Dashboard, a web-based control panel for the Karmada multi-cluster management project, contains an authentication bypass. Backend API endpoints, such as /api/v1/secret and...
EUVD-2020-7340
Malware in sbrugna...
EUVD-2021-22576
Malware in sbrugna...
EUVD-2020-7342
Malware in sbrugna...
EUVD-2020-6299
Malware in sbrugna...
EUVD-2020-7341
Malware in sbrugna...
EUVD-2020-7339
Malware in sbrugna...
EUVD-2022-48324
Malicious code in bioql PyPI...
EUVD-2022-38850
Malicious code in bioql PyPI...
EUVD-2025-23548
Malicious code in bioql PyPI...
EUVD-2023-54458
Malicious code in bioql PyPI...
EUVD-2021-27998
Malicious code in bioql PyPI...
EUVD-2021-9181
Malicious code in bioql PyPI...
EUVD-2025-8735
Malicious code in bioql PyPI...
CVE-2025-34216
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...
PT-2025-39883
Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 22.0.1026 Vasion Print Application versions prior to 20.0.2702 Description Vasion Print formerly PrinterLogic Virtual Appliance Host and Application deployments expose unauthenticated REST API endpoints. These...
CVE-2025-59358 Denial of Service via Unauthorized Access to Chaos Mesh debugging server
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...