1088 matches found

Zero Day Initiative
added 2025/03/13 12:0 a.m. · 12 views

NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability

This vulnerability allows remote attackers to access protected functionality on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the Triton Inference Server. The issue results from the lack of...

CVSS 7.3 · AI score 6.8 · EPSS 0.01896
Exploits 0 · References 1

Github Security Blog
added 2025/03/11 9:32 p.m. · 28 views

Rembg CORS misconfiguration

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

CVSS 8.7 · AI score 6.6 · EPSS 0.00179
Exploits 1 · References 4 · Affected Software 1

NVD
added 2025/03/11 4:15 p.m. · 15 views

CVE-2025-27601

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 · EPSS 0.00298
Exploits 0 · References 3

CVE
added 2025/03/11 3:30 p.m. · 91 views

CVE-2025-27601

CVE-2025-27601 concerns Umbraco in the API management package, where an improper API access control allows low-privilege authenticated users to create and update data type information restricted to settings-access users. Affected are Umbraco.Cms.Api.Management versions prior to 14.3.3 and 15.2.3....

CVSS 4.3 · AI score 4.4 · EPSS 0.00298
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2025/03/11 3:30 p.m. · 8 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 · AI score 4.4 · EPSS 0.00298
Exploits 0 · References 3

Cvelist
added 2025/03/11 3:30 p.m. · 19 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 · EPSS 0.00298
Exploits 0 · References 3

OSV
added 2025/03/11 3:30 p.m. · 5 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 · AI score 6.1 · EPSS 0.00298
Exploits 0 · References 5

Github Security Blog
added 2025/03/11 3:27 p.m. · 19 views

Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Impact: An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches: Will be patched in 14.3.3 and 15.2.3. Workarounds: None available...

CVSS 4.3 · AI score 6.4 · EPSS 0.00298
Exploits 0 · References 5 · Affected Software 1

OSV
added 2025/03/11 3:27 p.m. · 5 views

GHSA-6FFG-MJG7-585X Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Impact: An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches: Will be patched in 14.3.3 and 15.2.3. Workarounds: None available...

CVSS 4.3 · AI score 6.4 · EPSS 0.00298
Exploits 0 · References 5

Positive Technologies
added 2025/03/11 12:0 a.m. · 4 views

PT-2025-10768 · Fortinet · FortiNDR

Name of the Vulnerable Software and Affected Versions:
Fortinet FortiNDR versions 7.1.0 through 7.1.1
Fortinet FortiNDR versions 7.2.0 through 7.2.1
Fortinet FortiNDR version 7.4.0
Fortinet FortiNDR versions prior to 7.0.5
Description: A cross-site request forgery vulnerability in Fortinet FortiN...

CVSS 8.8 · AI score 6.8 · EPSS 0.00222
Exploits 0 · References 11

CNNVD
added 2025/03/11 12:0 a.m. · 5 views

Umbraco Security Vulnerability

Umbraco is an open source content management system (CMS) written in C# from Umbraco, Denmark. A security vulnerability exists in Umbraco version 15.2.3 and prior to version 14.3.3, which stems from improper API access control and could lead to the creation and updating of data type information by a...

CVSS 4.3 · AI score 6.1 · EPSS 0.00298
Exploits 0 · References 4

RedhatCVE
added 2025/03/06 5:48 a.m. · 7 views

CVE-2025-27623

A flaw was found in Jenkins. Affected versions of Jenkins do not redact encrypted values of secrets when accessing the config.xml of views via REST API or CLI. This flaw allows attackers with view/read permission to view encrypted values of secrets...

CVSS 4.3 · AI score 6.7 · EPSS 0.00298
Exploits 0 · References 4

Github Security Blog
added 2025/03/06 12:31 a.m. · 12 views

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...

CVSS 4.3 · AI score 6.7 · EPSS 0.00298
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2025/03/06 12:31 a.m. · 13 views

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

CVSS 4.3 · AI score 6.7 · EPSS 0.00684
Exploits 0 · References 4 · Affected Software 1

CVE
added 2025/03/05 10:33 p.m. · 135 views

CVE-2025-27623

Jenkins security issue CVE-2025-27623 affects Jenkins versions 2.499 and earlier and LTS 2.492.1 and earlier. The root cause is an encryption handling flaw that fails to redact encrypted secret values in view configuration when accessed via REST/CLI through config.xml, enabling users with View/Re...

CVSS 4.3 · AI score 7 · EPSS 0.00298
Exploits 0 · References 1 · Affected Software 1

CVE
added 2025/03/05 10:33 p.m. · 176 views

CVE-2025-27622

CVE-2025-27622 affects Jenkins 2.499 and earlier, and LTS 2.492.1 and earlier, where encrypted values of secrets stored in agent configuration (config.xml) are not redacted when accessed via REST API or CLI. An attacker with Agent/Extended Read permission can view these encrypted secret values. T...

CVSS 4.3 · AI score 7 · EPSS 0.00684
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/03/05 10:33 p.m. · 15 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

EPSS 0.00684
Exploits 0 · References 1

Vulnrichment
added 2025/03/05 10:33 p.m. · 7 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

AI score 7 · EPSS 0.00684
Exploits 0 · References 1

OSV
added 2025/03/05 6:15 a.m. · 1 view

CVE-2025-27641

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009...

CVSS 9.8 · AI score 5.8 · EPSS 0.00832
Exploits 1 · References 3

Veracode
added 2025/03/05 4:12 a.m. · 8 views

Improper Authorization

mautic/core is vulnerable to Improper Authorization. The vulnerability is due to improper enforcement of access controls, allowing any authenticated user to bypass reporting permissions and access all reports via the API...

CVSS 7.7 · AI score 6.9 · EPSS 0.00681
Exploits 0 · References 6 · Affected Software 1