38 matches found
PT-2026-44747
Name of the Vulnerable Software and Affected Versions: Breeze versions prior to 2.5.3. Description: Improper verification of the wordpress logged in cookie in the inc/cache/execute-cache.php file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the substr function to parse...
Incorrect Authorization
Overview: nocodb is a NocoDB. Affected versions of this package are vulnerable to Incorrect Authorization via the OAuthTokenStrategy in the authentication component. An attacker can access endpoints reserved for other token types or privileged users by presenting an OAuth token to routes that accep...
CVE-2026-40431
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...
GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Impact: An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...
CVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and...
MiracleLinux 9 : ipa-4.12.2-1.el9_5.3 (AXSA:2025-9559:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9559:01 advisory. freeipa: Administrative user data leaked through systemd journal (CVE-2024-11029). Tenable has extracted the preceding description block directly from the...
BIT-MOODLE-2025-62395 Moodle: external cohort search service leaks system cohort data
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
UBUNTU-CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to improperly enforced context-based capability checks in the external cohort search. An attacker can access restricted administrative data by leveraging permissions in...
CVE-2025-62395 Moodle: external cohort search service leaks system cohort data
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
EUVD-2025-35666
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
EUVD-2007-2687
Malware in sbrugna...
EUVD-2022-2045
Malicious code in bioql PyPI...
The vulnerability of the Thunderbird email client, related to insufficient protection of administrative data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Thunderbird email client is related to insufficient protection for administrative data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the queryHardwareReportLocally method in the HPE StoreOnce VSA virtual storage system allows an attacker to execute arbitrary code.
The vulnerability of the queryHardwareReportLocally method in the HPE StoreOnce VSA virtual storage system is related to the lack of measures taken to manage data at the administrative level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data...
The vulnerability of the Thunderbird email client, related to insufficient protection of administrative data, allows attackers to upload arbitrary files.
The vulnerability of the Thunderbird email client is related to insufficient protection for administrative data. Exploiting this vulnerability allows a remote attacker to upload arbitrary files...
The vulnerability of the Microsoft Outlook for Android client, related to insufficient protection of administrative data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Outlook for Android client is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the SINEMA Remote Connect VPN service, related to the lack of data cleansing at the management level, allows a perpetrator to execute arbitrary code.
The vulnerability of the SINEMA Remote Connect VPN service lies in the lack of measures taken at the administrative level for data cleansing. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with system privileges...