CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI vCenter API service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition...

CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service...

EUVD-2021-9177

Malicious code in bioql PyPI...

EUVD-2021-9188

Malicious code in bioql PyPI...

EUVD-2021-9178

Malicious code in bioql PyPI...

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

PT-2025-14514 · Jenkins · Jenkins Cadence Vmanager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.0-282.v5096a c2db 275 and earlier Description: The issue concerns the storage of Verisium Manager vAPI keys in an unencrypted form within job config.xml files on the Jenkins controller. These keys...

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...

PT-2024-15327 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX APIs are vulnerable to file globbing, which could lead to a resource exhaustion attack. The affected API endpoints include "local list.cgi", "create overlay.cgi", and...

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74283)

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vmware vCenter Server is vulnerab...

VMware vCenter Server Denial of Service Vulnerability (CNVD-2021-74280)

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vmware vCenter Server suffers fr...

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI vCenter API service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition...

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI vCenter API service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition...

CVE-2021-22019

CVE-2021-22019 is a denial-of-service vulnerability in VMware vCenter Server’s VAPI service. A remote attacker can send a crafted jsonrpc message to port 5480 to trigger DoS, impacting availability. Red Hat and NVD describe the same DoS condition; the issue is listed under VMSA-2021-0020 with hig...

CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service...