874 matches found
EUVD-2025-29664
Malicious code in bioql PyPI...
EUVD-2025-27715
Malicious code in bioql PyPI...
CVE-2025-36351
IBM License Metric Tool version 9.2.0–9.2.40 is affected by CVE-2025-36351, where an authenticated user could bypass REST API access controls and perform unauthorized actions. The issue stems from insufficient authorization checks in the REST API and is rated with CVSSv3.1 base score 4.3 (MEDIUM)...
CVE-2025-20334
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...
PT-2025-39305
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the HTTP API subsystem of Cisco IOS XE Software that may allow a remote attacker to inject commands that will execute with root privileges on the underlying...
GHSA-79HX-3FP8-HJ66 DragonFly vulnerable to arbitrary file read and write on a peer machine
Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...
CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...
Linux Distros Unpatched Vulnerability : CVE-2025-1385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a...
CVE-2025-8415
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment...
CVE-2025-55295
CVE-2025-55295 is a path traversal flaw in qBit Manage’s web API. Authenticated users can bypass directory restrictions via the backup_id parameter in the restore_config_from_backup endpoint, allowing reading of arbitrary server files. The issue affects qBit Manage prior to version 4.5.4. The fix...
CVE-2025-55295 qBit Manage Path Traversal Vulnerability
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qBit Manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability...
qBit Manage Path Traversal Vulnerability
qBit Manage is an open source torrent management tool by StuffAnThings. A path traversal vulnerability exists in qBit Manage, which stems from path traversal in the web API and could lead to reading arbitrary files...
Malicious code in web-api-error (npm)
The package web-api-error was found to contain malicious code...
Malicious code in okcollege-web-api (npm)
The package okcollege-web-api was found to contain malicious code...
MAL-2025-38964 Malicious code in web-api-error (npm)
The package web-api-error was found to contain malicious code...
MAL-2025-38965 Malicious code in web-api-mongodb-connection-factory (npm)
The package web-api-mongodb-connection-factory was found to contain malicious code...
MAL-2025-28178 Malicious code in okcollege-web-api (npm)
The package okcollege-web-api was found to contain malicious code...
Tera Insights tiCrypt Security Vulnerability
Tera Insights tiCrypt is a private cloud secure computing platform from Tera Insights, Inc. in the United States. A security vulnerability exists in versions of Tera Insights tiCrypt prior to 2025-07-17 that stems from tiaudit allowing unauthenticated REST API requests to disclose sensitive...
Microsoft SharePoint 2019 NTLM Authentication Information Disclosure
Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...