F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K000160876)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160876 advisory. When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able ...
CVE-2026-30228 Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the...
CVE-2026-27152 Discourse has DM communication-preference bypass when adding members
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...
EUVD-2005-2948
Malware in sbrugna...
EUVD-2022-2095
Malicious code in bioql PyPI...
EUVD-2022-24956
Malicious code in bioql PyPI...
PT-2025-21611 · Hitachi · Hitachi Ops Center Analyzer +1
Name of the Vulnerable Software and Affected Versions: Hitachi Infrastructure Analytics Advisor versions 10.0.0-00 through 11.0.4-00 Hitachi Ops Center Analyzer versions 10.0.0-00 through 11.0.4-00 Description: The issue is related to a Bypass Connection Restriction vulnerability in the Data Cent...
CVE-2024-20895
Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features...
CVE-2024-20895
CVE-2024-20895 affects Samsung Mobile devices’ Dar service, where improper access control allows a local attacker to bypass restrictions on calling SDP features. The issue is tied to Dar service prior to SMR Jul-2024 Release 1 and has been addressed by updating to SMR Jul-2024 Release 1 or later....
CVE-2024-23704
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-335X-5WCM-8JV2 Backoffice User can bypass "Publish" restriction
Impact Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Explanation of the vulnerability Backoffice users without permission to publish content, but only to send for approval, can bypass the restriction by modifying the request...
Node.js 16.x < 16.20.1 / 18.x < 18.16.1 / 20.x < 20.3.1 Multiple Vulnerabilities (Tuesday June 20 2023 Security Releases).
The version of Node.js installed on the remote host is prior to 16.20.1, 18.16.1, 20.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday June 20 2023 Security Releases advisory. - The use of __proto__ in process.mainModule.__proto__.require can bypass the policy...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3122 Denial-of-service (DoS) in Message CWE-400 - CVE-2023-26595 CyVDB-3142 Operation restriction bypass vulnerability in Message and Bulletin CWE-285 - CVE-2023-27304 CyVDB-3165 Operation...
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2090)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This fla...
Bypass Restriction and File Upload Leads to XSS Stored - TXT to HTML
Description Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection against HTML files by using a text file; stored XSS was obtained when uploading the HTML file. Proof of Concept POST /admin/resources/upload HTTP/1.1 Host: demo-publify.herokuapp.com Cookie:...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...
function lockFunds in TopUpActionLibrary can cause serious fund loss. Fee and cap bypass. It's not calling stakerVault.increaseActionLockedBalance when transferring stakes.
Lines of code Vulnerability details Impact In function TopUpActionLibrary.lockFunds, when transferring stakes from the payer it doesn't call stakerVault.increaseActionLockedBalance for that payer, so stakerVault.actionLockedBalances[payer] does not get updated for the payer and...
Samba 4.0.0 Bypass Restriction Vulnerability (CVE-2013-0172)
Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Code injection
On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests t...