Lucene search

99 matches found

EUVD
added 2026/05/15 6:36 p.m. | 6 views

EUVD-2026-30599

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/15 6:36 p.m. | 3 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/13 8:21 a.m. | 9 views

CVE-2026-0802

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

CVSS 7.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1

NVD
added 2026/05/12 7:16 a.m. | 6 views

CVE-2026-0802

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

CVSS 7.3 | EPSS 0.00014
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/12 5:46 a.m. | 6 views

CVE-2026-0804

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

CVSS 6.7 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/03 4:45 a.m. | 4 views

CVE-2026-5454 GRID Organiser App co.gridapp.organiser app.json hard-coded key

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key. The attack is...

CVSS 4.8 | AI score 5.4 | EPSS 0.00005
Exploits: 0 | References: 4

CVE
added 2026/03/30 5:59 p.m. | 10 views

CVE-2026-33028

CVE-2026-33028 affects Nginx UI, prior to version 2.3.4. The issue is a race condition caused by a lack of synchronization (mutex) and non-atomic writes to the primary configuration file (app.ini), leading to persistent DoS and a non-deterministic path for potential RCE via configuration cross-co...

CVSS 7.5 | AI score 5.9 | EPSS 0.00092
Exploits: 1 | References: 2 | Affected Software: 2

GitLab Advisory Database
added 2026/03/30 12:0 a.m. | 6 views

nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse

The nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file app.ini. This vulnerability results in a persistent Denial of...

CVSS 7.5 | AI score 6 | EPSS 0.00092
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/03/23 9:0 p.m. | 3 views

CVE-2025-60949 Census CSWeb leaked configuration files

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

CVSS 9.3 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22425

Name of the Vulnerable Software and Affected Versions: openDCIM version 23.04 through commit 4467e9c4. Description: The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. This allows any authenticated user to access the functionality...

CVSS 9.3 | AI score 5.8 | EPSS 0.39836
Exploits: 3 | References: 18

RedhatCVE
added 2025/11/12 7:47 a.m. | 5 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

CVSS 6.7 | AI score 6.9 | EPSS 0.00022
Exploits: 0 | References: 1

EUVD
added 2025/11/11 9:30 a.m. | 3 views

EUVD-2025-74045

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

CVSS 6.4 | AI score 6.3 | EPSS 0.00015
Exploits: 0 | References: 2

OSV
added 2025/11/11 7:15 a.m. | 4 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

CVSS 6.7 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1

CNNVD
added 2025/11/11 12:0 a.m. | 1 views

AXIS OS security vulnerability

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient validation of ACAP configuration file inputs, which could lead to arbitrary code execution...

CVSS 6.7 | AI score 7.6 | EPSS 0.0003
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:0 a.m. | 6 views

PT-2025-46309

Name of the Vulnerable Software and Affected Versions: Axis Communications devices (affected versions not specified). Description: An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This issue can only be exploited if...

CVSS 6.7 | AI score 7 | EPSS 0.00014
Exploits: 0 | References: 3

CNNVD
added 2025/11/11 12:0 a.m. | 9 views

AXIS OS security vulnerability

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient validation of ACAP configuration file inputs, which could lead to path traversal attacks and elevation of privilege...

CVSS 6.7 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/22 12:11 a.m. | 4 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVSS 5.1 | AI score 6.4 | EPSS 0.00032
Exploits: 3 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-13817

Malware in sbrugna...

CVSS 9.4 | AI score 9 | EPSS 0.00278
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-9768

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00081
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-10393

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00114
Exploits: 1 | References: 3