31 matches found

CVE
added 2026/02/11 4:17 p.m., 8 views

CVE-2026-24789

CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...

9.8 CVSS, 5.5 AI score, 0.00122 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/02/11 4:17 p.m., 2 views

CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8 CVSS, 5.5 AI score, 0.00122 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 10:18 a.m., 6 views

CVE-2019-18980

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...

7.5 CVSS, 7.3 AI score, 0.00112 EPSS
Exploits: 1, References: 1

Hacker One
added 2025/10/08 6:17 p.m., 4 views

Mars: Sensitive information exposed at [███] via /export_panelists_to_xlsx endpoint

A vulnerability was identified that allowed unauthorized access to personally identifiable information through an unprotected API endpoint. The vulnerability exposed user email addresses and telephone numbers. The issue was classified under CWE-312 with a CVSS score of 6.1. The vulnerability was...

5.6 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-8640

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00112 EPSS
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-9760

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00081 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-7529

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00612 EPSS
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-11135

Malicious code in bioql PyPI...

6.9 CVSS, 6.5 AI score, 0.00761 EPSS
Exploits: 0, References: 2

NVD
added 2025/09/26 9:15 a.m., 1 view

CVE-2025-10867

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...

6.5 CVSS, 0.00029 EPSS
Exploits: 0, References: 1

OSV
added 2025/09/26 9:4 a.m., 1 view

CVE-2025-10867 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...

3.5 CVSS, 6.3 AI score, 0.00029 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 6:0 a.m., 3 views

CVE-2023-28645

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

6.5 CVSS, 6.7 AI score, 0.00203 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 1:53 a.m., 4 views

CVE-2017-18669

An issue was discovered on Samsung mobile devices with N7.x software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 June 2017...

7.5 CVSS, 7.1 AI score, 0.00081 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/04/17 11:22 p.m., 6 views

CVE-2025-27927

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API...

6.9 CVSS, 7.1 AI score, 0.00761 EPSS
Exploits: 0, References: 3

NVD
added 2025/04/15 10:15 p.m., 6 views

CVE-2025-27927

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API...

6.9 CVSS, 0.00761 EPSS
Exploits: 0, References: 1

OSV
added 2025/04/15 10:15 p.m., 0 views

CVE-2025-27927

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 1

CVE
added 2025/04/15 9:43 p.m., 43 views

CVE-2025-27927

CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...

6.9 CVSS, 5.4 AI score, 0.00761 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/04/15 9:43 p.m., 6 views

CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API...

6.9 CVSS, 5.8 AI score, 0.00761 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/04/15 9:43 p.m., 7 views

CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API...

6.9 CVSS, 0.00761 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/04/15 12:0 a.m., 1 view

PT-2025-16498

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API. Recommendations: At the moment, there is no information about a newer...

6.9 CVSS, 6.5 AI score, 0.00761 EPSS
Exploits: 0, References: 6

CNNVD
added 2025/04/15 12:0 a.m., 1 view

Growatt Cloud Applications Security Vulnerability

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to obtain a list of smart devices via an unprotected API...

6.9 CVSS, 6.7 AI score, 0.00761 EPSS
Exploits: 0, References: 1