874 matches found

RedhatCVE
added 2025/06/14 8:17 p.m., 10 views

CVE-2025-2745

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

CVSS 6.5, AI score 6.2, EPSS 0.00201
Exploits 0, References 1

NVD
added 2025/06/12 8:15 p.m., 49 views

CVE-2025-2745

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

CVSS 6.5, EPSS 0.00201
Exploits 0, References 2

Cvelist
added 2025/06/12 7:42 p.m., 50 views

CVE-2025-2745 AVEVA PI Web API Cross-site Scripting

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

CVSS 6.5, EPSS 0.00201
Exploits 0, References 2

CVE
added 2025/06/12 7:42 p.m., 66 views

CVE-2025-2745

CVE-2025-2745 is a cross-site scripting vulnerability in AVEVA PI Web API (versions 2023 SP1 and prior). The root cause is improper handling that allows an authenticated attacker, with privileges to create/update annotations or upload media files, to persist arbitrary JavaScript code. The code co...

CVSS 6.5, AI score 6.3, EPSS 0.00201
Exploits 0, References 2

Vulnrichment
added 2025/06/12 7:42 p.m., 13 views

CVE-2025-2745 AVEVA PI Web API Cross-site Scripting

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

CVSS 6.5, AI score 6.5, EPSS 0.00201
Exploits 0, References 2

Positive Technologies
added 2025/06/12 12:0 a.m., 8 views

PT-2025-25349 · Aveva · Aveva Pi Web Api

Name of the Vulnerable Software and Affected Versions: AVEVA PI Web API versions 2023 SP1 and prior Description: A cross-site scripting issue exists that could allow an authenticated attacker with privileges to create or update annotations, or upload media files, to persist arbitrary JavaScript...

CVSS 6.5, AI score 5.8, EPSS 0.00201
Exploits 0, References 6

RedhatCVE
added 2025/05/29 8:50 a.m., 5 views

CVE-2025-2407

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3, AI score 6.9, EPSS 0.00445
Exploits 0, References 1

Veracode
added 2025/05/29 2:35 a.m., 10 views

Prototype Pollution

Docarray is vulnerable to prototype pollution. The vulnerability is due to lack of input sanitization in the __getitem__ function of torch_dataset.py in the Web API component, allows an attacker to remotely manipulate object prototypes...

CVSS 8.8, AI score 6.6, EPSS 0.00563
Exploits 1, References 6, Affected Software 1

RedhatCVE
added 2025/05/27 3:31 p.m., 18 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

CVSS 8.8, AI score 7, EPSS 0.00563
Exploits 1, References 1

NVD
added 2025/05/27 8:15 a.m., 12 views

CVE-2025-2407

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3, EPSS 0.00445
Exploits 0, References 1

Cvelist
added 2025/05/27 7:52 a.m., 23 views

CVE-2025-2407 Missing Authentication & Authorization in Web-API allows adversary unrestricted access

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3, EPSS 0.00445
Exploits 0, References 1

Vulnrichment
added 2025/05/27 7:52 a.m., 13 views

CVE-2025-2407 Missing Authentication & Authorization in Web-API allows adversary unrestricted access

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3, AI score 6.8, EPSS 0.00445
Exploits 0, References 1

Positive Technologies
added 2025/05/27 12:0 a.m., 5 views

PT-2025-22972 · Mobatime · Mobatime Amx Mtapi

Name of the Vulnerable Software and Affected Versions: Mobatime AMX MTAPI v6 versions prior to 1.5 Description: The issue concerns Missing Authentication & Authorization in the Web-API of Mobatime AMX MTAPI v6 on IIS, allowing adversaries to gain unrestricted access via the network...

CVSS 9.3, AI score 9.6, EPSS 0.00445
Exploits 0, References 8

OSV
added 2025/05/25 3:30 p.m., 4 views

GHSA-J9WP-865G-RF48 docarray prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

CVSS 6.3, AI score 6.9, EPSS 0.00563
Exploits 1, References 6

Github Security Blog
added 2025/05/25 3:30 p.m., 12 views

docarray prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

CVSS 8.8, AI score 6.6, EPSS 0.00563
Exploits 1, References 6, Affected Software 1

NVD
added 2025/05/25 3:15 p.m., 13 views

CVE-2025-5150

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

CVSS 8.8, EPSS 0.00563
Exploits 1, References 4

CVE
added 2025/05/25 3:0 p.m., 82 views

CVE-2025-5150

CVE-2025-5150 affects docarray ≤ 0.40.1, specifically the Web API file /docarray/data/torch_dataset.py, where the vulnerable function is __getitem__. The issue enables prototype pollution via object prototype attributes, potentially allowing remote exploitation. Multiple sources corroborate a remote...

CVSS 8.8, AI score 6.4, EPSS 0.00563
Exploits 1, References 4, Affected Software 1

Cvelist
added 2025/05/25 3:0 p.m., 24 views

CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...

CVSS 6.5, EPSS 0.00563
Exploits 1, References 4

RedhatCVE
added 2025/05/23 10:33 a.m., 8 views

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

CVSS 6.5, AI score 6.7, EPSS 0.00202
Exploits 0

RedhatCVE
added 2025/05/23 3:56 a.m., 23 views

CVE-2023-34418

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...

CVSS 8.1, AI score 7.6, EPSS 0.00453
Exploits 0