
29 matches found

NVD
added 2026/04/24 12:16 a.m. | 1 view

CVE-2026-35503

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

CVSS 9.8 | EPSS 0.00099
Exploits 0 | References 3
Cvelist
added 2026/04/23 11:50 p.m. | 30 views

CVE-2026-35503 SenseLive X3050 Use of Hard-coded Credentials

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

CVSS 9.8 | EPSS 0.00099
Exploits 0 | References 3
Positive Technologies
added 2026/01/30 12:0 a.m. | 5 views

PT-2026-5377

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication...

CVSS 9.3 | AI score 6 | EPSS 0.00441
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-0870

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00841
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-2550

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00741
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-15994

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00249
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-1684

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.01558
Exploits 0 | References 2
Vulnrichment
added 2025/07/02 8:31 a.m. | 4 views

CVE-2025-24332 Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication

Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity board...

AI score 6.2 | EPSS 0.00073
Exploits 0 | References 1
Vulnrichment
added 2024/11/08 12:0 a.m. | 16 views

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...

AI score 7 | EPSS 0.0272
Exploits 1 | References 2
Vulnrichment
added 2024/09/04 12:0 a.m. | 12 views

CVE-2024-45170

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...

AI score 7.2 | EPSS 0.00429
Exploits 2 | References 2
Veracode
added 2024/02/13 8:54 a.m. | 14 views

Authorization Bypass

pixelfed/pixelfed is vulnerable to Authorization Bypass. The vulnerability is due to insufficient checks during request processing, allowing attackers to access and potentially modify administrative and moderator functionalities beyond intended user permissions...

CVSS 9.9 | AI score 6.8 | EPSS 0.0011
Exploits 1 | References 3 | Affected Software 1
OSV
added 2024/02/12 8:5 p.m. | 16 views

CVE-2024-25108 Insufficient authorization allowing elevated access to resources in pixelfed

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This...

CVSS 9.9 | AI score 8.5 | EPSS 0.0011
Exploits 1 | References 4
Prion
added 2023/10/10 3:15 p.m. | 24 views

Authentication flaw

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header...

CVSS 7.5 | AI score 6.9 | EPSS 0.00746
Exploits 1 | References 3 | Affected Software 1
0day.today
added 2019/11/15 12:0 a.m. | 77 views

FusionPBX Command (exec.php) Command Execution Exploit

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This...

AI score 0.8
Exploits 0
Metasploit
added 2019/11/01 11:38 p.m. | 23 views

FusionPBX Command exec.php Command Execution

This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...

AI score 1
Exploits 0
OSV
added 2018/08/28 10:34 p.m. | 16 views

GHSA-2HXV-MX8X-MCJ9 Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating...

CVSS 8.8 | AI score 8.9 | EPSS 0.00235
Exploits 0 | References 7
GitHub Security Blog
added 2018/08/28 10:34 p.m. | 28 views

Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating...

CVSS 8.8 | AI score 8.4 | EPSS 0.00235
Exploits 0 | References 7 | Affected Software 1
RubySec
added 2015/06/16 12:0 a.m. | 13 views

Cross-site request forgery (CSRF) vulnerability in Spina gem

"Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management."...

CVSS 8.8 | AI score 6.9 | EPSS 0.00235
Exploits 0 | References 1 | Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. | 48 views

Mitsubishi Electric GB-50A - Multiple Remote Authentication Bypass Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28406/info The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

WP-Footnotes 2.2 WordPress Plugin Multiple Remote Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27572/info WP-Footnotes plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. The plugin also insecurely exposes...

AI score 7.1
Exploits 0