72 matches found

Snyk
added 2026/05/05 9:11 p.m. | 7 views

Improper Enforcement of Behavioral Workflow

Overview: ethyca-fides is an open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow in the privacy request approval process when both subject_identity_verification_required and...

CVSS 7.4 | AI score 5.8 | EPSS 0.00064
Exploits 0 | References 4
Snyk
added 2026/05/05 8:32 p.m. | 3 views

Improper Enforcement of Behavioral Workflow

Overview: YAFNET.Core is an Open Source Forum solution! The YAF.NET project is an international collaboration of like-minded, skilled, and creative individuals who are striving to make YAF.NET the most robust and malleable forum solutions available. Affected versions of this package are vulnerable...

CVSS 9.9 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 2
EUVD
added 2026/04/24 12:31 a.m. | 2 views

EUVD-2026-25348

A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...

CVSS 6.9 | AI score 5.8 | EPSS 0.00062
Exploits 0 | References 4
EUVD
added 2026/03/04 12:30 a.m. | 2 views

EUVD-2026-9331

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

CVSS 9.8 | AI score 5.9 | EPSS 0.00047
Exploits 0 | References 2
SUSE CVE
added 2026/03/04 12:27 a.m. | 0 views

SUSE CVE-2026-24851

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check call...

CVSS 8.8 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 3
Vulnrichment
added 2026/02/09 3:29 p.m. | 3 views

CVE-2026-24095 Missing Permission Check on Analyze Configuration Page

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permissio...

CVSS 5.3 | AI score 5.6 | EPSS 0.00058
Exploits 0 | References 1
ATTACKERKB
added 2026/02/06 5:51 p.m. | 2 views

CVE-2026-24851

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check call...

CVSS 5.8 | AI score 5.4 | EPSS 0.00022
Exploits 0 | References 3 | Affected Software 1
CVE
added 2025/12/01 2:32 p.m. | 3 views

CVE-2025-13129

The CVE-2025-13129 entry describes an Improper Enforcement of Behavioral Workflow vulnerability in the Onaylarım system from Seneka Software (Seneka Onaylarım). Affects Onaylarım versions 25.09.26.01 through 18112025 and enables Functionality Misuse due to incorrect behavioral workflow enforcemen...

CVSS 4.3 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
EUVD
added 2025/11/07 5:47 p.m. | 2 views

EUVD-2025-38037

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVSS 7.5 | AI score 6.2 | EPSS 0.00062
Exploits 0 | References 3
EUVD
added 2025/10/14 6:30 p.m. | 1 views

EUVD-2025-34341

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVSS 6.1 | AI score 8.8 | EPSS 0.00027
Exploits 0 | References 2
OSV
added 2025/10/14 5:15 p.m. | 1 views

CVE-2025-55682

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVSS 4.6 | AI score 5.8 | EPSS 0.00027
Exploits 0 | References 1
Microsoft CVE
added 2025/10/14 2:0 p.m. | 1 views

Windows BitLocker Security Feature Bypass Vulnerability

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVSS 6.1 | AI score 6.6 | EPSS 0.00027
Exploits 0
Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-42015

Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: An issue exists in Windows BitLocker related to improper enforcement of behavioral workflow. This allows an unauthorized attacker to bypass a security feature through a physical...

CVSS 6.1 | AI score 8.8 | EPSS 0.00027
Exploits 0 | References 6
Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-42022

Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: An issue with how behavioral workflow is enforced in Windows BitLocker can allow an unauthorized attacker to bypass a security feature through a physical attack. Recommendations: At...

CVSS 6.1 | AI score 8.8 | EPSS 0.00027
Exploits 0 | References 6
Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-42017

Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: An issue exists in Windows BitLocker related to improper enforcement of behavioral workflow. This allows an unauthorized attacker to bypass a security feature through a physical...

CVSS 6.1 | AI score 8.8 | EPSS 0.00027
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-23639

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.1 | EPSS 0.00152
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-24848

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00044
Exploits 0 | References 1
Veracode
added 2025/07/25 6:35 a.m. | 7 views

Privilege Escalation

org.keycloak, keycloak-services is vulnerable to privilege escalation. The vulnerability is due to improper privilege enforcement when Fine-Grained Admin Permissions (FGAPv2) are enabled, which allows an attacker with the manage-users role to escalate privileges to realm-admin...

CVSS 6.5 | AI score 6.4 | EPSS 0.0009
Exploits 0 | References 10 | Affected Software 1
Veracode
added 2025/06/06 6:19 a.m. | 4 views

Algorithm Confusion

signxml is vulnerable to Algorithm Confusion. The vulnerability is due to improper enforcement of signature algorithm restrictions when hmac_key is set and require_x509 is disabled, allowing an attacker to bypass verification by using a different signing algorithm inste...

CVSS 6.9 | AI score 6.1 | EPSS 0.00202
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2025/05/23 2:7 a.m. | 3 views

CVE-2023-6759

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely...

CVSS 7.5 | AI score 6.9 | EPSS 0.00177
Exploits 1