3624 matches found
Eclipse Equinox OSGi access control error vulnerability
Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions 3.8 to 3.18 of Eclipse Equinox OSGi contain an access control vulnerability. This vulnerability stems from a remote code execution flaw in the console interface, allowing unauthenticated attacker...
Arbitrary Command Injection
Claude Code is vulnerable to Arbitrary Command Injection. The vulnerability is due to lack of validation of the git worktree commondir file when determining folder trust, which allows an attacker to bypass trust checks and execute malicious hooks...
Nginx UI access control error vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...
Rdiffweb access control error vulnerability
Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136); kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...
CVE-2026-42377 WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
SonicWALL SonicOS access control error vulnerability
SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWall SonicOS related to access control mechanisms. This vulnerability may allow certain management interfaces to be...
OpenClaw access control error vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained an access control vulnerability, which was caused by a wide-area discovery vulnerability. This vulnerability allowed arbitrary tailnet peers to be accepted as DNS...
Deskflow access control error vulnerability
Deskflow is an open-source tool for sharing keyboards and mice across devices. Versions of Deskflow such as 1.20.0, 1.26.0.134, and earlier had access control vulnerabilities. These vulnerabilities stemmed from the Deskflow daemon running as the SYSTEM account, exposing IPC named pipes that have...
ClassroomIO.com access control error vulnerability
ClassroomIO.com is an open-source educational platform developed by ClassroomIO. Version 0.1.13 of ClassroomIO.com contains a vulnerability related to access control. This vulnerability arises from ineffective access control, allowing low-privilege student users who are authenticated to access...
SenseLive X3050 access control error vulnerability
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has an access control vulnerability. This vulnerability stems from the Web management interface, which allows modification of critical configuration...
Microsoft Partner Center Access Control Vulnerability
Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...
SenseLive X3050 access control error vulnerability
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has an access control vulnerability, which stems from the exposure of management protocols via the discovery function. This vulnerability could allo...
Microsoft Partner Center access control error vulnerability
Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...
EUVD-2026-24235
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
NVIDIA KAI Scheduler access control error vulnerability
NVIDIA KAI Scheduler is an AI-based computing task scheduling system developed by NVIDIA Corporation. NVIDIA KAI Scheduler has a vulnerability related to access control, which stems from unauthorized access to API endpoints, potentially leading to information leakage...
CVE-2026-40730
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through = 2.0.0.6...
CVE-2025-40897
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
PT-2026-33014
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
WordPress plugin ThemeGrill Demo Importer security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...