66 matches found
Cacti 1.2.24 - SQL Injection
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...
CVE-2026-49367
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...
CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted to trusted users
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...
CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260
On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002451)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002451 advisory. The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by...
CVE-2021-28150
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...
CVE-2021-0602
In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio...
CVE-2019-7176
An issue was discovered in GitLab Community and Enterprise Edition 8.x starting in 8.9, 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility...
CVE-2025-69284 In plane.io, a Guest User of a Workspace is still able to see the list of members
Plane is an open-source project management tool. In plane.io, a guest user does not have permission to access https://app.plane.so/:slug/settings. Prior to Plane version 1.2.0, a problem occurs when /api/workspaces/:slug/members/ is accessible by a guest, who is able to list the users on a...
Plane Access Control Error Vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. An access control error vulnerability exists in versions of Plane prior to 1.2.0, which stems from a guest user being able to access a list of members of a specific workspace and recognize an administrator's email...
EUVD-2020-12613
Malware in sbrugna...
EUVD-2017-7062
Malware in sbrugna...
EUVD-2017-7817
Malware in sbrugna...
EUVD-2019-13654
Malware in sbrugna...
EUVD-2018-11270
Malware in sbrugna...
EUVD-2017-15620
Malware in sbrugna...
EUVD-2019-16348
Malware in sbrugna...
EUVD-2007-1179
Malware in sbrugna...
EUVD-2020-5531
Malware in sbrugna...
EUVD-2020-5606
Malware in sbrugna...