1252 matches found
OWASP_Top10_Web_Pentest
🔓 Week 04 — Web Application Penetration Testing OWASP Top 10...
CVE-2026-45210
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Broadstreet Ads: from n/a through <= 1.52.2...
MaxKB security vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...
Devolutions Server security vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...
Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component access control error vulnerability
The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...
UBUNTU-CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
Crabbox security vulnerability
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained security vulnerabilities. These vulnerabilities were due to insufficient access control checks, allowing users with access through shared...
Northern.tech CFEngine Enterprise security vulnerability
Northern.tech CFEngine Enterprise is a multi-functional solution developed by Northern.tech, designed for automatically performing daily tasks. Versions prior to 3.21.8, 3.24.3, and 3.27.0 of Northern.tech CFEngine Enterprise contain security vulnerabilities due to incorrect access control...
Security vulnerability in multiple Apple products
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
VEGA VEGAPULS 6X access control error vulnerability
VEGA VEGAPULS 6X is a series of radar level measurement sensors from the German company VEGA. The VEGA VEGAPULS 6X features two-wire PROFINET, Modbus TCP, and OPC UA interfaces. There are access control vulnerability issues associated with these devices; these vulnerabilities stem from insecurely...
Totara LMS security vulnerability
Totara LMS is a learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow attackers to manipulate the login page code and launch brute-force...
ROS-20260410-73-0013
Vulnerability in curl related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate privileges...
CVE-2026-39543
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tourfic: from n/a through <= 2.21.4...
Kaleris Yard Management Solutions security vulnerability
Kaleris Yard Management Solutions is a management system developed by the American company Kaleris, designed to optimize the scheduling of station vehicles and logistics operations. Version 7.2.2.1 of Kaleris Yard Management Solutions contains a security vulnerability. This vulnerability stems fr...
EUVD-2025-209205
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...
ROS-20260327-73-0016
Vulnerability in golang related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
Drupal AJAX Dashboard security vulnerability
Drupal AJAX Dashboard is an ajax dashboard developed by the Drupal company. Versions of Drupal AJAX Dashboard prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for critical functions, which could lead to security breaches due to...
Vikunja security vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.0 contained security vulnerabilities. These vulnerabilities were due to access control flaws in the API, which could allow authenticated users to read arbitrary task comments...
OpenClaw security vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.25 contained security vulnerabilities. These vulnerabilities stemmed from access control issues in signal reaction notification processing, which could allow unauthorized sender...
ROS-20260318-73-0004
Vulnerability in busybox related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate privileges...