16 matches found
CVE-2025-47555
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through = 3.9.4...
Quick Heal Antivirus Pro Security Vulnerability
Quick Heal Antivirus Pro is an antivirus software from Quick Heal India. A security vulnerability exists in Quick Heal Antivirus Pro version 24.1.0.182 and prior versions, which stems from the presence of faulty access control that allows an authenticated attacker with low-level privileges to...
Kashipara Music Management System Security Vulnerability
Kashipara Music Management System is a music management system from Kashipara. A security vulnerability exists in Kashipara Music Management System version v1.0, which stems from faulty access control in /music/ajax.php?action=deletegenre, which could allow an unauthenticated attacker to delete...
Northern.tech Mender security breach
Northern.tech Mender is a secure and reliable remote update solution from Northern.tech, Inc. for connected devices of any size. A security vulnerability exists in Northern.tech Mender that stems from the presence of faulty access control, resulting in an attacker privilege that can be escalated...
The vulnerability of the kruise-daemon component in the Kubernetes Kruise automation application allows a malicious individual to gain unauthorized access to protected information and increase their privileges.
The vulnerability of the kruise-daemon component in the Kubernetes application automation tool involves deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information and increase their privileges...
Lustre Security Vulnerabilities
Lustre is a Lustre community effort to provide a globally consistent POSIX-compatible distributed parallel file system for large-scale computing systems. A security vulnerability exists in Lustre versions 2.13.x through prior to 2.15.4, which stems from a vulnerability that could allow an attacke...
CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
ieGeek IG20 Security Features Vulnerability
The ieGeek IG20 is a webcam from ieGeek. A security vulnerability exists in the ieGeek IG20 hipcam RealServer version V1.0, which stems from a predictability flaw in the algorithm that generates the device id uid as a result of its faulty access control, allowing a remote attacker to directly...
Sysaid Technologies SysAid Security Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. Sysaid Technologies Sysaid suffers from a security vulnerability that stems from faulty access control. An attacker can exploit the vulnerability to receive sensitive data such as server...
Autumn Security Vulnerability
Autumn is a collection of Web subsystems designed to provide general purpose Web system solutions. A security vulnerability exists in Autumn v1.0.4 and earlier versions that stems from incorrect access control. The vulnerability allows remote attackers to obtain plaintext login credentials via th...
Samsung SMR Security Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A path traversal vulnerability exists in versions prior to SMR APR-2021 Release 1, which stems from faulty access control and can be exploited by an attacker to read or write...
Intel PAC with Arria 10 GX FPGA Elevation of Privilege Vulnerability
Intel PAC with Arria 10 GX FPGA and Intel Acceleration Stack are both products of Intel Corporation, U.S.A. Intel PAC with Arria 10 GX FPGA is a programmable acceleration card that uses Intel Arria 10 GX FPGAs (Field Programmable Gate Arrays). Intel Acceleration Stack is an acceleration stack that...
Grafana Code Issues Vulnerabilities
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A remote code execution vulnerability exists in the avatar feature in Grafana versions...
ONAP Service Design and Creation Code Injection Vulnerability
ONAP Service Design and Creation (SDC) is a set of visual modeling and design tools for the ONAP project. A code injection vulnerability exists in ONAP SDC Dublin and prior versions that stems from faulty access control. A remote attacker can exploit this vulnerability by accessing port 7000 of the...
ONAP Service Design and Creation Code Injection Vulnerability (CNVD-2020-24673)
ONAP Service Design and Creation (SDC) is a set of visual modeling and design tools for the ONAP project. A code injection vulnerability exists in ONAP SDC Dublin and prior versions that stems from faulty access control. A remote attacker can exploit this vulnerability by accessing port 7001 of the...
IBM Daeja ViewONE Arbitrary File Download Vulnerability
IBM Daeja ViewONE Virtual, Daeja ViewONE Standard, and Daeja ViewONE Professional are all products of IBM Corporation of the U.S.A. IBM Daeja ViewONE Virtual is a document viewer that supports TIFF, PDF, and Office-based documents. IBM Daeja ViewONE Virtual is a document viewer that supports TIFF...