1105 matches found
Security Bulletin: IBM Storage Scale versions 5.2.3.0 and 5.2.3.1 are affected by a security vulnerability that can allow unauthorized access to user files (CVE-2025-36104)
Summary IBM has identified a data access problem in IBM Storage Scale 5.2.3.0 and 5.2.3.1 regarding the SMB protocol and acccess control lists ACLs. The problem occurs with the use of inherited ACLs on directories or files that are created or modified through the SMB protocol. A fix for this...
CVE-2025-3648
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...
Security Filter Bypass
github.com/lxc/incus is vulnerable to security filter bypass. The vulnerability is due to incorrect generation of nftables rules when applying ACLs on devices connected to a bridge, which allows ARP spoofing and full spoofing of another VM/container on the same bridge...
CVE-2025-53295
Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through = 2.0.7...
PT-2025-27203 · Unknown · Rohil Contact Form – 7 : Hide Success Message
Name of the Vulnerable Software and Affected Versions: Rohil Contact Form – 7 : Hide Success Message versions 1.1.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For...
CVE-2025-52889 Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services DHCP, DNS... that partially bypass security options security.macfiltering, security.ipv4filtering and...
CVE-2025-52889
Incus (system container/VM manager) on versions 6.12–6.13 is vulnerable when an ACL on a bridge-connected device is used: nftables rules for local services can bypass security.mac_filtering, security.ipv4_filtering, and security.ipv6_filtering, enabling DHCP pool exhaustion and potential further ...
PT-2025-26358 · Unknown · Contentstudio
Name of the Vulnerable Software and Affected Versions: ContentStudio versions 1.3.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For ContentStudio versions 1.3.4 and...
PT-2025-26354 · Unknown · Thanhtungtnt Video List Manager
Name of the Vulnerable Software and Affected Versions: thanhtungtnt Video List Manager versions 1.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For thanhtungtnt Vide...
CVE-2025-49872
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through = 2.9.4.2...
CVE-2025-49864 WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through = 4.21...
PT-2025-25724 · Unknown · Afs Analytics
Name of the Vulnerable Software and Affected Versions: AFS Analytics versions through 4.21 Description: The issue is related to a Missing Authorization vulnerability, where AFS Analytics allows accessing functionality not properly constrained by ACLs. Recommendations: For versions through 4.21,...
CVE-2025-30934
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...
CVE-2025-30934 WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Broken Access Control Vulnerability
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...
CVE-2025-47558
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...
CVE-2024-53708
Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through = 1.1...
CVE-2023-46630
Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...
CVE-2023-51542
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14...
CVE-2022-44587
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...
CVE-2020-5836
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled...