19 matches found
CVE-2025-10681
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...
CVE-2025-10681
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...
CVE-2025-10681
Gardyn CVE-2025-10681 affects the Gardyn mobile app and device firmware, which hardcode Azure Blob Storage account keys granting account‑level access to three storage accounts. Impact includes read access to ~115k camera images, read/write to OTA firmware storage (enabling supply chain risk), acc...
Owl Cyber Defense OPDS Security Vulnerability
Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading to fil...
PT-2025-44623
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. Description: The software may allow a non-root user to gain elevated privileges within a container environment. This is due to the application running with unnecessary...
CVE-2025-54086
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
EUVD-2025-32210
Malicious code in bioql PyPI...
CVE-2025-54086
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
CVE-2025-54086
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
CVE-2025-54086 Excess Permissions in Warehouse
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
CVE-2025-54086 Excess Permissions in Warehouse
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
CVE-2025-54086
CVE-2025-54086 affects Absolute Secure Access, Warehouse component, prior to version 14.10. The vulnerability is an excess-permissions issue enabling attackers with local file-system access to read the Java keystore file. Severity: CVSS 3.1 Base 3.3 (LOW) to CVSS 4.0 Base 5.3 (MEDIUM) depending o...
PT-2025-40420
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 14.10. Description: An excess permissions issue exists within the Warehouse component. An attacker who has access to the local file system can read the Java keystore file. The attack complexity is low, an...
CVE-2024-5042
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster...
CVE-2018-2361
In SAP Solution Manager 7.20, the role SAPBPOCONFIG gives the Business Process Operations BPO configuration user more authorization than required for configuring the BPO tools...
Shopify: S3 Buckets open to the world thanks to 'Authenticated Users' ACL
Some of Shopify's Amazon S3 buckets were inadvertently left with "Any Authenticated AWS User" read or write permissions, allowing users outside of Shopify to access the buckets. The excess permissions have been removed...
Design/Logic Flaw
Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin NSL 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."...
CVE-2007-2475
Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin NSL 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."...
CVE-2007-2475
Affected product: Novell SecureLogin (NSL) 6 SP1 prior to 6.0.106, specifically the ADSCHEMA utility. Issue: A vulnerability that permits a user to gain excessive permissions to their own attributes in an Active Directory (AD) environment. Impact/notes: The vulnerability is described in the conne...