CVE-2024-45538

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

PT-2025-49024

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager DSM versions prior to 7.2.1-69057-2 Synology DiskStation Manager DSM versions 7.2.1-69057-2 through 7.2.2-72806 Synology Unified Controller DSMUC versions prior to 3.1.4-23079 Description A Cross-Site Request Forge...

Synology DiskStation Manager和Synology Unified Controller 安全漏洞

Synology DiskStation Manager DSM and Synology Unified Controller are both products of Synology, a Chinese company.Synology DiskStation Manager is an operating system for use on networked storage servers NAS. Synology DiskStation Manager is an operating system used on network storage servers NAS t...

Synology DiskStation Manager和Synology Unified Controller 跨站请求伪造漏洞

Synology DiskStation Manager DSM and Synology Unified Controller are both products of China-based Synology, Inc.Synology DiskStation Manager is an operating system for use on networked storage servers NAS. Synology DiskStation Manager is an operating system used on network storage servers NAS to...

CVE-2025-62173 Authenticated SQL Injection in Endpoint Module Rest API

Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API...

[SECURITY] Fedora 42 Update: python-spotipy-2.25.2-1.fc42

A light weight Python library for the Spotify Web API...

[SECURITY] Fedora 41 Update: python-spotipy-2.25.2-1.fc41

A light weight Python library for the Spotify Web API...

[SECURITY] Fedora 43 Update: python-spotipy-2.25.2-1.fc43

A light weight Python library for the Spotify Web API...

Spotipy 跨站脚本漏洞

Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2, which stems from the OAuth callback server failing to clean up incorrect parameters, which could lead to a...

CVE-2025-63952

A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

echidna-credit-union-race-CTF

NOISYECHIDNA — Race Condition CTF This repository implements...

CVE-2025-11734

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

CVE-2025-12535

CVE-2025-12535 (SureForms

CVE-2025-12427

CVE-2025-12427 affects YITH WooCommerce Wishlist for WordPress (versions ≤ 4.10.0). The vulnerability is an Insecure Direct Object Reference via REST API/AJAX due to missing validation on user-controlled keys, allowing unauthenticated attackers to discover any user’s wishlist token ID and rename ...

CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

UBUNTU-CVE-2025-58122

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure...

CVE-2025-20349

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVE-2025-11923

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

CVE-2025-11923 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

EUVD-2025-60948

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...