
219118 matches found

RedhatCVE
added 2026/06/05 7:10 p.m., 6 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6 CVSS, 5.9 AI score, 0.00869 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 6:48 p.m., 7 views

CVE-2024-30151

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

8.3 CVSS, 5.5 AI score, 0.00248 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/05 6:17 p.m., 8 views

CVE-2026-45746

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

9 CVSS, 0.00321 EPSS
Exploits: 1, References: 1

EUVD
added 2026/06/05 5:59 p.m., 7 views

EUVD-2026-34874

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

9 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2026/06/05 5:59 p.m., 9 views

CVE-2026-45746

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

9 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/06/05 5:59 p.m., 5 views

CVE-2026-45746 Termix Vulnerable to Arbitrary Command Execution via Session Hijacking

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

9 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 1, References: 1

CVE
added 2026/06/05 5:59 p.m., 20 views

CVE-2026-45746

Termix prior to v2.3.2 exposes a critical Broken Access Control in the File Manager due to improper validation of the sessionId, allowing a client-controlled session identifier to access other users’ File Manager sessions tied to SSH connections. This can lead to unauthorized interaction with rem...

9 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 1, References: 1, Affected Software: 1

ATTACKERKB
added 2026/06/05 5:49 p.m., 5 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8 CVSS, 5.5 AI score, 0.00533 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/06/05 5:49 p.m., 4 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8 CVSS, 5.5 AI score, 0.00533 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2026/06/05 4:45 p.m., 10 views

vantage6 node has an Improper Access Control issue

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

6.9 CVSS, 5.5 AI score, 0.00285 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/06/05 4:45 p.m., 2 views

GHSA-X9F6-9RVM-MMRG vantage6 node has an Improper Access Control issue

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

6.9 CVSS, 5.6 AI score, 0.00285 EPSS
Exploits: 0, References: 3

F5 Networks
added 2026/06/05 3:53 p.m., 16 views

K000161612: Golang vulnerabilities CVE-2025-4674 and CVE-2025-61724

Security Advisory Description CVE-2025-4674 The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contai...

8.6 CVSS, 6.8 AI score, 0.00492 EPSS
Exploits: 0

OSV
added 2026/06/05 3:48 p.m., 6 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2 CVSS, 6.6 AI score, 0.00476 EPSS
Exploits: 0, References: 3

OSV
added 2026/06/05 3:47 p.m., 5 views

GHSA-2R75-CXRJ-CMPH wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Summary In wasmtime-wasi, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 pathopen interfaces by opening a file with...

7.5 CVSS, 5.5 AI score, 0.005 EPSS
Exploits: 0, References: 7

Github Security Blog
added 2026/06/05 3:47 p.m., 14 views

wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Summary In wasmtime-wasi, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 pathopen interfaces by opening a file with...

7.5 CVSS, 5.5 AI score, 0.005 EPSS
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2026/06/05 3:16 p.m., 12 views

CVE-2026-6209

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

Cvelist
added 2026/06/05 2:08 p.m., 39 views

CVE-2026-6209

...

Exploits: 0

EUVD
added 2026/06/05 2:08 p.m., 8 views

EUVD-2026-34841

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

9.1 CVSS, 5.3 AI score
Exploits: 0

CVE
added 2026/06/05 2:08 p.m., 21 views

CVE-2026-6209

CVE-2026-6209 is rejected/not used; this ID does not represent an active vulnerability entry.

5.5 AI score
Exploits: 0

NVD
added 2026/06/05 11:16 a.m., 9 views

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

5.5 CVSS, 0.00093 EPSS
Exploits: 0, References: 1