42 matches found
CVE-2025-55142
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55142
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55141
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55141
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...
CVE-2025-55141
The CVE-2025-55141 issue affects Ivanti Connect Secure (before 22.7R2.9 or 22.8R2), Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4). Root cause: missing authorization that allows a remote authenticated attacke...
Ivanti多款产品 安全漏洞
Ivanti Connect Secure ICS and others are products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool.Ivanti Policy Secure IPS is a network access control NAC solution.Ivanti Neurons is Ivanti Neurons is a groundbreaking platform that simplifies and...
PT-2025-36747
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior to 22.8R1.4 Description: A missing authorization...
CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to circumvent existing access restrictions policies.
The vulnerability of cloud-based software for creating and using Nextcloud Server storage involves changes made by administrators to the authentication settings of external storage configured by users. Exploiting this vulnerability allows a malicious actor to circumvent existing access control...
CVE-2023-33254
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...
PT-2023-9106 · D Link · D-Link Dap-2622
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 affected versions not specified Description: The issue is related to the lack of authentication for a critical function in the DDP service of the D-Link DAP-2622 wireless access point's firmware. This allows a remote attacker ...
CVE-2022-31790
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
CVE-2022-31790
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
Envoy 信任管理问题漏洞
Envoy is an open source distributed proxy server. Envoy is vulnerable to a trust management issue, which stems from the fact that Envoy's tls allows certain certificate authentication settings to be reused after they have been changed from their default configuration. No detailed vulnerability...
New Admin Portal for Akamai Enterprise Application Access
The definition of a user has evolved to comprise much more than an employee, making secure access to the right application, for the right user, at the right time difficult and complex. Akamai Enterprise Application Access EAA is a unique cloud architecture that closes all inbound firewall ports,...
The vulnerability of the Dovecot mail server, related to errors in SASL authentication settings, allows attackers to cause service interruptions.
The vulnerability of the Dovecot mail server is related to errors in setting up SASL authentication. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
CVE-2019-15999
A vulnerability in the application environment of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform JBoss EAP on an affected device. The vulnerability is due to an incorrect configuration o...
CVE-2019-15999 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
A vulnerability in the application environment of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform JBoss EAP on an affected device. The vulnerability is due to an incorrect configuration o...