CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on...Read More ...

Continue Reading
CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on...Read More ...

Continue Reading
CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the...Read More ...

Continue Reading
EUVD-2025-24807

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly ...

Continue Reading
CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS comm ...

Continue Reading
CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly ...

Continue Reading
CVE-2025-55675 Apache Superset: Incorrect datasource authorization on REST API

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do no ...

Continue Reading
CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS comm ...

Continue Reading

Back to Main

Subscribe for the latest news: