70 matches found
CVE-2024-27891
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied...
CLSA-2026-1779436377 cups: Fix of CVE-2026-27447
CVE-2026-27447: fix authorization bypass in cupsd by replacing case-insensitive username comparisons with byte-exact strcmp against pw->pw_name; also include upstream follow-up commit 849fba7d "Fix unauthenticated print policies", Issue 1557 to restore behavior for CUPSD_AUTH_NONE policies with named...
Astra Linux - vulnerability in ovn
A flaw was discovered in the Open Virtual Network (OVN). Specifically, specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations that are configured with a logical switch equipped with DNS records. This occurs if the same switch has any egress ACLs configured...
SUSE CVE-2026-31432
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests. When a compound request such as READ + QUERY_INFO(Security) is received, and the first command (READ) consumes most of the response buffer, ksmbd could write beyond the allocated...
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows customizing the installation folder. If the installation folder is customized to a non-default one, the folder may be left with insecure ACLs and non-administrative users can alter the contents of that folder. It may allow a...
Hallo Welt! BlueSpice security vulnerability
Hallo Welt! BlueSpice is a corporate knowledge base management software developed by the German company Hallo Welt!. There is a security vulnerability in BlueSpice, which stems from improper permission allocation for files and directories that are accessible from outside, as well as critical...
CVE-2026-21863
Valkey (distributed key-value DB) contains a bug in the clusterbus packet processing: before reading a clusterbus ping extension, the code may read outside the buffer if an invalid packet is sent to the clusterbus port. This can be exploited by a malicious actor with access to the clusterbus port...
Dinosoft ERP access control error vulnerability
Dinosoft ERP is an enterprise resource planning platform developed by the Turkish company Dinosoft. Versions of Dinosoft ERP from 3.0.1 up to 11022026 contained a security vulnerability related to access control. This vulnerability stemmed from the lack of authentication for critical functions an...
CVE-2025-39561
Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5...
WordPress plugin LoginWP - Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...
CVE-2025-67794
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...
CVE-2025-34332 AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions are...
EUVD-2020-24457
Malware in sbrugna...
EUVD-1999-1287
Malware in sbrugna...
EUVD-2005-2772
Malware in sbrugna...
EUVD-1999-0445
Malware in sbrugna...
CVE-2025-10491
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 a...
Linux Distros Unpatched Vulnerability : CVE-2018-1318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 t...
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference (IDOR) in the...