CVE-2026-24177

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure...

CVE-2026-20223

Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...

CVE-2026-24177

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure...

CVE-2025-55274

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they...

Authentication Bypass Using an Alternate Path or Channel

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the route classification process. An attacker can gain unauthorized access to protected API endpoints by submitting requests...

PT-2026-3768

Name of the Vulnerable Software and Affected Versions Apache Solr versions 5.3.0 through 9.10.0 Description Deployments of Apache Solr utilizing the Rule Based Authorization Plugin are susceptible to unauthorized access to certain Solr APIs. This occurs due to insufficient input validation within...

CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

EUVD-2024-46875

Malicious code in bioql PyPI...

Radar 安全漏洞

Radar wind control engine is a lightweight real-time wind control engine by feihu.wang individual developers. A security vulnerability exists in Radar v1.0.8, which stems from improper access control and could lead to unauthorized access to sensitive APIs...

Exploit for Deserialization of Untrusted Data in Wazuh

CVE-2025-24016 Wazuh Remote Code Execution RCE - PoC 🚨 De...

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

Versa Networks has released an advisory for a vulnerability CVE-2024-45229link is external affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, repo...

The vulnerability of the Cisco Smart License Utility software management software lies in undocumented static user credentials. This allows a malicious individual to gain unauthorized access to confidential information and to access the API without proper authorization.

The vulnerability of the Cisco Smart License Utility software management system is related to undocumented static account data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential information and unauthorized access to the API...

PT-2024-26338 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue allows authenticated users to access sensitive information due to improper authorization controls on APIs. Recommendations: For versions 8.3 and 9.0, consider restricti...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the presence of a method of unauthorized access to certain APIs of the multifunction device's internal programs, which could allow...

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...