Lucene search
+L

1105 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 7:16 p.m.6 views

Security Bulletin: IBM Storage Scale versions 5.2.3.0 and 5.2.3.1 are affected by a security vulnerability that can allow unauthorized access to user files (CVE-2025-36104)

Summary IBM has identified a data access problem in IBM Storage Scale 5.2.3.0 and 5.2.3.1 regarding the SMB protocol and acccess control lists ACLs. The problem occurs with the use of inherited ACLs on directories or files that are created or modified through the SMB protocol. A fix for this...

6.5CVSS6.3AI score0.00249EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/10 4:28 p.m.8 views

CVE-2025-3648

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...

8.2CVSS6.9AI score0.01664EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/30 3:51 a.m.6 views

Security Filter Bypass

github.com/lxc/incus is vulnerable to security filter bypass. The vulnerability is due to incorrect generation of nftables rules when applying ACLs on devices connected to a bridge, which allows ARP spoofing and full spoofing of another VM/container on the same bridge...

8.1CVSS6.2AI score0.00195EPSS
Exploits0References4Affected Software3
RedhatCVE
RedhatCVE
added 2025/06/29 2:26 p.m.11 views

CVE-2025-53295

Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through = 2.0.7...

5.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.6 views

PT-2025-27203 · Unknown · Rohil Contact Form – 7 : Hide Success Message

Name of the Vulnerable Software and Affected Versions: Rohil Contact Form – 7 : Hide Success Message versions 1.1.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For...

5.3CVSS6.8AI score0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/25 4:49 p.m.5 views

CVE-2025-52889 Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services DHCP, DNS... that partially bypass security options security.macfiltering, security.ipv4filtering and...

3.4CVSS7.2AI score0.00202EPSS
Exploits0References3
CVE
CVE
added 2025/06/25 4:49 p.m.31 views

CVE-2025-52889

Incus (system container/VM manager) on versions 6.12–6.13 is vulnerable when an ACL on a bridge-connected device is used: nftables rules for local services can bypass security.mac_filtering, security.ipv4_filtering, and security.ipv6_filtering, enabling DHCP pool exhaustion and potential further ...

3.4CVSS7.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.5 views

PT-2025-26358 · Unknown · Contentstudio

Name of the Vulnerable Software and Affected Versions: ContentStudio versions 1.3.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For ContentStudio versions 1.3.4 and...

5.3CVSS6AI score0.00249EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.6 views

PT-2025-26354 · Unknown · Thanhtungtnt Video List Manager

Name of the Vulnerable Software and Affected Versions: thanhtungtnt Video List Manager versions 1.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For thanhtungtnt Vide...

5.3CVSS6AI score0.00249EPSS
Exploits0References4
NVD
NVD
added 2025/06/17 3:15 p.m.6 views

CVE-2025-49872

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through = 2.9.4.2...

5.3CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 3:1 p.m.12 views

CVE-2025-49864 WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through = 4.21...

5.3CVSS0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.8 views

PT-2025-25724 · Unknown · Afs Analytics

Name of the Vulnerable Software and Affected Versions: AFS Analytics versions through 4.21 Description: The issue is related to a Missing Authorization vulnerability, where AFS Analytics allows accessing functionality not properly constrained by ACLs. Recommendations: For versions through 4.21,...

5.3CVSS5AI score0.00211EPSS
Exploits0References4
NVD
NVD
added 2025/06/06 1:15 p.m.7 views

CVE-2025-30934

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...

5.3CVSS0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:54 p.m.7 views

CVE-2025-30934 WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...

5.3CVSS5.7AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 1:15 p.m.7 views

CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...

7.5CVSS0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.11 views

CVE-2024-53708

Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through = 1.1...

5.3CVSS7.2AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.7 views

CVE-2023-46630

Improper Authentication vulnerability in wpase Admin and Site Enhancements ASE allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements ASE: from n/a through 5.7.1...

7.5CVSS6.9AI score0.00447EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:9 a.m.11 views

CVE-2023-51542

Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14...

5.3CVSS6.9AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.20 views

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

7.5CVSS6.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.7 views

CVE-2020-5836

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled...

7.8CVSS6.8AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder