CVE-2020-11655

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

CVE-2015-3717

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

CVE-2020-13434

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

CVE-2020-13630

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

CVE-2020-13632

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

Trend Micro TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise endpoint security platform provided by Trend Micro that offers capabilities for detecting terminal threats, antivirus protection, and managing security policies. There are access control vulnerability...

Trend Micro Apex One 访问控制错误漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has an access control vulnerability, which stems from a source verification error. This vulnerability may allow local attackers to gain elevated privileges...

PT-2026-42597

Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...

MLflow 访问控制错误漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code into repeatable runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contained a access control vulnerability. This vulnerability...

Concrete CMS 访问控制错误漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier contained a access control vulnerability caused by unvalidated page metadata exposure. This vulnerability could lead to the disclosure of titles, paths, descriptions, and...

Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...

Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...

PT-2026-42675

Summary The OAuth token strategy attached oauth scope and oauth granted resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

WordPress plugin HAPPY 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Honeywell Control Network Module 安全漏洞

The Honeywell Control Network Module is a network communication control module developed by the American company Honeywell, aimed at industrial automation and process control systems. The Honeywell Control Network Module has a security vulnerability, which stems from command injection in the web...

PosCube QR Menu 安全漏洞

PosCube QR Menu is a QR code electronic menu and ordering management system for the catering industry developed by the Turkish company PosCube. The versions of PosCube QR Menu dated back to May 21052026 and earlier contained a security vulnerability. This vulnerability stemmed from an authorizati...

PT-2026-42619

Summary mcp-server-kubernetes exposes three environment variables ALLOW ONLY READONLY TOOLS, ALLOW ONLY NON DESTRUCTIVE TOOLS, ALLOWED TOOLS documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer tools/list...

PowerDNS Authoritative 访问控制错误漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a vulnerability related to access control, which stems from incorrect behavior in the view of TCP PROXY requests...

Trend Micro Apex One 访问控制错误漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has an access control vulnerability, which stems from a source verification error. This vulnerability may allow local attackers to gain elevated privileges...

PT-2026-42657

Name of the Vulnerable Software and Affected Versions UniFi OS Server versions prior to 5.0.8 Description An improper access control flaw exists in UniFi OS Server. The issue occurs because nginx evaluates the raw request URI for authentication purposes but performs routing using the normalized...