161 matches found
CVE-2026-25720 SenseLive X3050 Insufficient session expiration
A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...
PT-2026-34795
A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...
EUVD-2026-22047
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
CVE-2026-1267
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...
CVE-2026-22207
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...
CVE-2026-22207
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...
CVE-2026-22207 OpenViking Missing root_api_key Allows Anonymous ROOT Access
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...
CVE-2026-22207
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...
CVE-2026-22207
OpenViking up to version 0.1.18 (pre-commit 0251c70) contains a broken access control flaw that lets unauthenticated attackers gain ROOT privileges when root_api_key is omitted. Attackers can reach protected endpoints without authentication headers to perform administrative actions including acco...
CVE-2026-24434
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
CVE-2026-1364 JNC|IAQS and I6 - Missing Authentication
IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities...
CVE-2020-12106
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point...
CVE-2023-40730
A vulnerability has been identified in QMS Automotive All versions V12.39. The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service...
CVE-2025-64055
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device e.g. file upload, firmware update, reboot... via a crafted authentication bypass...
EUVD-2009-1225
Malware in sbrugna...
EUVD-2008-6605
Malware in sbrugna...
EUVD-2012-1838
Malware in sbrugna...
EUVD-2012-2549
Malware in sbrugna...
EUVD-2015-8172
Malware in sbrugna...