CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
PT-2026-31333
Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: An incorrect authorization issue in Kibana can lead to cross-space information disclosure through privilege abuse. A user with Fleet agent management privileges in one Kibana space can retriev...
EUVD-2006-2561
Malware in sbrugna...
The vulnerability of the AddPortMapping method in Netgear WNR854T router software allows a hacker to execute arbitrary commands.
The vulnerability in the AddPortMapping method of the Netgear WNR854T router firmware lies in the lack of measures to neutralize special elements used in operating system commands when processing the NewInternalClient parameter. Exploiting this vulnerability allows a remote...
CVE-2024-6834
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This allows a user access to endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...
CVE-2024-6834
APIML Spring Cloud Gateway is affected by a vulnerability where proxy requests are unexpectedly signed with Zowe’s client certificate, allowing non-privileged users to access endpoints that require an internal client certificate without any credentials. This can enable an attacker to manage compo...
CVE-2024-6834 Imperative Local Command Injection allows Activity Masking
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This allows a user access to endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...
PT-2024-37893 · Unknown · Apiml Spring Cloud Gateway
Name of the Vulnerable Software and Affected Versions: APIML Spring Cloud Gateway affected versions not specified Description: A vulnerability in APIML Spring Cloud Gateway allows unauthorized access to endpoints that require an internal client certificate. This occurs because the gateway...
PT-2006-3505 · Linksys · Linksys Wrt54Gl Wireless-G Broadband Router
Name of the Vulnerable Software and Affected Versions: Linksys WRT54G Wireless-G Broadband Router affected versions not specified Description: The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified...