7 matches found
EUVD-2025-16492
Malicious code in bioql PyPI...
PT-2025-33845 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions 2.8.0 and earlier. Description: The application checks the userRole for "admin" privileges only when accessing the /admin page, but not its subroutes. Specifically, the check is performed in routes/adminPanel.py, but not in...
Improper access control
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...
Improper Access Control in alanaktion/mchostpanel
Description: The PHP file install.php creates an admin account using the POST parameters user, pass, dir, ram, port without enforcing any access control, without checking whether the admin account has already been created, and without checking whether the file .installed exists before account creation. It is possible for any network user...
CVE-2020-21990
CVE-2020-21990 affects MyDomoAtHome REST API (Domoticz ISS Gateway) v0.2.40. The root cause is improper access control enforcement, allowing unauthenticated remote attackers to craft requests to gain access to sensitive information. Public sources in connected records describe an information-disc...
CVE-2016-10852
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem SEC-85...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure
Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows/Linux host is...