
874 matches found

EUVD
added 2025/12/04 3:30 p.m., 3 views

EUVD-2024-55300

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS 4.3, AI score 6.5, EPSS 0.00321
Exploits 0, References 2
OSV
added 2025/12/04 3:15 p.m., 4 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS 8.8, AI score 5.9, EPSS 0.00321
Exploits 0, References 1
Cvelist
added 2025/12/04 2:20 p.m., 21 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS 4.3, EPSS 0.00321
Exploits 0, References 1
Vulnrichment
added 2025/12/04 2:20 p.m., 3 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS 4.3, AI score 6.6, EPSS 0.00321
Exploits 0, References 1
CVE
added 2025/12/04 2:20 p.m., 14 views

CVE-2024-5401

CVE-2024-5401 affects Synology DiskStation Manager (DSM) WebAPI and Synology Unified Controller (DSMUC). The vulnerability is described as an improper control of dynamically-managed code resources in the WebAPI component, allowing remote authenticated users to obtain privileges without consent vi...

CVSS 8.8, AI score 6.6, EPSS 0.00321
Exploits 0, References 1, Affected Software 2
Vulnrichment
added 2025/12/04 2:16 p.m., 6 views

CVE-2024-45538

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.6, AI score 7.6, EPSS 0.00301
Exploits 0, References 1
CNNVD
added 2025/12/04 12:0 a.m., 4 views

Synology DiskStation Manager and Synology Unified Controller security vulnerability

Synology DiskStation Manager (DSM) and Synology Unified Controller are both products of Synology, a Chinese company. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). Synology DiskStation Manager is an operating system used on network storage servers (NAS) t...

CVSS 8.8, AI score 6.8, EPSS 0.00321
Exploits 0, References 2
CNNVD
added 2025/12/04 12:0 a.m., 13 views

Synology DiskStation Manager and Synology Unified Controller cross-site request forgery vulnerability

Synology DiskStation Manager (DSM) and Synology Unified Controller are both products of China-based Synology, Inc. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). Synology DiskStation Manager is an operating system used on network storage servers (NAS) to...

CVSS 9.6, AI score 6.7, EPSS 0.00301
Exploits 0, References 1
Positive Technologies
added 2025/12/04 12:0 a.m., 6 views

PT-2025-49024

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2; Synology DiskStation Manager (DSM) versions 7.2.1-69057-2 through 7.2.2-72806; Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079. Description: A Cross-Site Request Forge...

CVSS 9.6, AI score 7.5, EPSS 0.00301
Exploits 0, References 8
Vulnrichment
added 2025/12/03 11:14 p.m., 2 views

CVE-2025-62173 Authenticated SQL Injection in Endpoint Module Rest API

Summary: Authenticated SQL Injection Vulnerability in Endpoint Module Rest API...

CVSS 8.6, AI score 7.5, EPSS 0.00238
Exploits 0, References 1
Fedora
added 2025/12/02 1:34 a.m., 5 views

[SECURITY] Fedora 42 Update: python-spotipy-2.25.2-1.fc42

A light weight Python library for the Spotify Web API...

AI score 7
Exploits 0
Fedora
added 2025/12/02 1:18 a.m., 5 views

[SECURITY] Fedora 41 Update: python-spotipy-2.25.2-1.fc41

A light weight Python library for the Spotify Web API...

AI score 7
Exploits 0
Fedora
added 2025/12/02 12:50 a.m., 5 views

[SECURITY] Fedora 43 Update: python-spotipy-2.25.2-1.fc43

A light weight Python library for the Spotify Web API...

AI score 7
Exploits 0
CNNVD
added 2025/11/27 12:0 a.m., 3 views

Spotipy cross-site scripting vulnerability

Spotipy is a lightweight Python library for the Spotify Web API, maintained by the individual developer spotipy-dev. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2, which stems from the OAuth callback server failing to sanitize incorrect parameters, which could lead to a...

CVSS 3.6, AI score 5.8, EPSS 0.00133
Exploits 0, References 3
OSV
added 2025/11/24 5:16 p.m., 2 views

CVE-2025-63952

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVSS 5.7, AI score 5.8, EPSS 0.00131
Exploits 1, References 2
GithubExploit
added 2025/11/24 4:56 a.m., 150 views

echidna-credit-union-race-CTF

NOISYECHIDNA — Race Condition CTF This repository implements...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/11/19 10:23 a.m., 4 views

CVE-2025-11734

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

CVSS 5.4, AI score 5.5, EPSS 0.00194
Exploits 0, References 1
CVE
added 2025/11/19 6:45 a.m., 11 views

CVE-2025-12535

CVE-2025-12535 (SureForms

CVSS 5.3, AI score 5.8, EPSS 0.00181
Exploits 0, References 4
CVE
added 2025/11/19 3:29 a.m., 17 views

CVE-2025-12427

CVE-2025-12427 affects YITH WooCommerce Wishlist for WordPress (versions ≤ 4.10.0). The vulnerability is an Insecure Direct Object Reference via REST API/AJAX due to missing validation on user-controlled keys, allowing unauthenticated attackers to discover any user’s wishlist token ID and rename ...

CVSS 5.3, AI score 5.6, EPSS 0.00242
Exploits 0, References 6
Cvelist
added 2025/11/19 3:29 a.m., 9 views

CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

CVSS 5.3, EPSS 0.00271
Exploits 0, References 6