PT-2025-30913 · Unknown · Abnormal Security
Name of the Vulnerable Software and Affected Versions: Abnormal Security versions prior to 2025-02-19 Description: The software contains an issue that allows downgrading the privileges of other user accounts. The issue is related to the /v1.0/rbac/users v2/USER ID/ API endpoint, where USER ID is ...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-36034)
Summary A disclosure of sensitive information vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID: CVE-2025-36034 DESCRIPTION: IBM InfoSphere DataStage Flow Designer discloses sensitive user information in API requests in clear text that could be...
Exploit for Code Injection in Langflow
CVE-2025-3248
CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. An authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...
CVE-2020-3985
SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows access to set arbitrary authorization levels, leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their...
CVE-2025-35996
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-42604
This vulnerability exists in Meon KYC solutions because debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints, receiving detailed error messages in the response and leading to disclosure of system related...
PT-2025-17769 · Animate · Animate
Name of the Vulnerable Software and Affected Versions: Animate versions n/a through 0.5 Description: A Server-Side Request Forgery (SSRF) issue allows for Server-Side Request Forgery. This issue is related to the Animate software. Recommendations: For Animate versions n/a through 0.5, consider...
CVE-2024-9439
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through a vulnerable API endpoint, which could lead to account takeover of targete...
How Scalping Bots Exploited a Vulnerable API to Disrupt Online Retail Sales
In the fast-paced world of online retail, where customer satisfaction and availability are paramount, a sudden attack by scalping bots can disrupt operations, inflate costs, and damage reputation. A North American Online Retailer faced a month-long bot attack that targeted their inventory system,...
PT-2024-34546 · Jepaas · Jepaas
Name of the Vulnerable Software and Affected Versions: JEPaaS version 7.2.8 Description: The issue is related to a SQL injection vulnerability in multiple parameters via the "/je/login/btnLog/insertBtnLog" API endpoint. This could allow a remote user to submit a specially crafted query, enabling an...
PT-2024-10761 · Cypress +1 · Cypress Wireless Combo Chips +1
Name of the Vulnerable Software and Affected Versions: Cypress and Broadcom Wireless Combo chips versions prior to the January 2021 firmware update Description: The issue allows memory read access via a "Spectra" attack when a January 2021 firmware update is not present. This affects specific...
CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)
The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...
CVE-2024-37018
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets...
Cross-site request forgery (CSRF)
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...
PT-2024-3781 · Ibm · Ibm Operational Decision Manager
Name of the Vulnerable Software and Affected Versions: IBM Operational Decision Manager versions 8.10.3 through 8.12.0.1 Description: The issue is related to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. This could allow a remote attacker t...
VulnCheck KEV: CVE-2021-22122
An improper neutralization of input during web page generation in the FortiWeb GUI interface 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload in different vulnerable API...
CVE-2023-6910
CVE-2023-6910 (M-Files Server): Affected software (M-Files Server) with vulnerable API method prior to 23.12.13195.0 permits uncontrolled resource consumption, allowing an authenticated attacker to exhaust server storage and disrupt service. Connected PT-2023-32818 provides explicit affected ver...
CVE-2023-6910 Uncontrolled Resource Consumption in M-Files Server
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. An authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...