
12 matches found

CVE
added 5 days ago · 13 views

CVE-2026-42947

CVE-2026-42947 affects Naxclow IoT Platform. A flaw in the onboarding workflow lets an attacker replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account, because endpoints validate request signatures but do not verify legitimate ownership. Practical consequence: a...

8.8 CVSS · 5.4 AI score · 0.00457 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/06/02 8:31 p.m. · 8 views

CVE-2026-49443

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

8.8 CVSS · 5.7 AI score · 0.0025 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2026/05/08 1:16 p.m. · 14 views

CVE-2025-66170

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

6.5 CVSS · 0.00486 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-25426

Malicious code in bioql PyPI...

5.3 CVSS · 6.6 AI score · 0.00334 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2025/08/24 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-11187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the...

9.8 CVSS · 8.1 AI score · 0.01749 EPSS
Exploits 0 · References 2
NVD
added 2025/08/21 2:15 p.m. · 4 views

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

5.3 CVSS · 0.00334 EPSS
Exploits 1 · References 3
Cvelist
added 2025/08/13 12:0 a.m. · 7 views

CVE-2025-50594

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password...

0.00347 EPSS
Exploits 0 · References 1
CNNVD
added 2025/04/15 12:0 a.m. · 3 views

Growatt Cloud Applications Security Vulnerability

Growatt Cloud Applications is a monitoring platform from China-based Growatt. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a complete list of users associated with an arbitrary accou...

6.9 CVSS · 6.7 AI score · 0.0025 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/10 12:0 a.m. · 4 views

PT-2024-10159 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: GLPI is a free asset and IT management software package. The issue is related to incorrect access control, allowing an authenticated user to use an application endpoint to delete any user accoun...

9.8 CVSS · 7 AI score · 0.86222 EPSS
Exploits 9 · References 76
CNNVD
added 2022/10/13 12:0 a.m. · 2 views

RPCMS Cross-Site Request Forgery Vulnerability

RPCMS is a software application. A website CMS system. A security vulnerability exists in RPCMS version v3.0.2, which stems from a vulnerability that allows an attacker to arbitrarily change the password of any account...

6.5 CVSS · 6.5 AI score · 0.00298 EPSS
Exploits 1 · References 2
CNNVD
added 2022/01/04 12:0 a.m. · 3 views

Spinnaker Access Control Error Vulnerability

Spinnaker is a continuous delivery platform. Used to release software changes with high speed and confidence. Spinnaker has a security vulnerability that stems from the presence of inappropriate privileges in the software that allow for pipeline creation and execution. This allows an arbitrary us...

10 CVSS · 6.1 AI score · 0.0257 EPSS
Exploits 0 · References 3
CNNVD
added 2021/06/16 12:0 a.m. · 1 views

Apollos Apps Authorization Issue Vulnerability

Apollos Apps is an open source platform for distributing church-related applications. Apollos Apps suffers from an authorization issue vulnerability that stems from the fact that new user registrations only need to know basic personal information about anyone (name, birthday, gender, etc.) in order...

9.8 CVSS · 5.6 AI score · 0.01458 EPSS
Exploits 0 · References 3