38 matches found
EUVD-2025-6862
Malicious code in bioql PyPI...
CVE-2022-24972
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...
The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge browsers allows a malicious actor to gain unauthorized access to limited functionality.
The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge is related to lack of access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...
File Integrity Manipulation
psitransfer is vulnerable to File Integrity Manipulation. The vulnerability is due to the lack of proper access controls or restrictions on the endpoint designed for uploading files, allowing an attacker with the file distribution ID to alter the files within that distribution...
The vulnerability of the Makves DCAP software lies in its lack of access control mechanisms, allowing attackers to bypass existing security restrictions.
The vulnerability of the Makves DCAP software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...
Upgraded Q -> 2 from #179 [1679871876484]
Judge has assessed an item in Issue 179 as 2 risk. The relevant finding follows: L-14 Lack of access control in setVault function leave it vulnerable to frontrunning attack
The vulnerability of ShareFile’s software for working with content-related features, due to lack of access control mechanisms, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of software for working with ShareFile content is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...
VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Operations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...
PT-2021-16026 · WordPress · Wplms
Name of the Vulnerable Software and Affected Versions: The WP LMS – Best WordPress LMS Plugin versions 1.1.2 and earlier Description: The issue arises from the plugin's failure to properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Additionally, the lack ...
Possible DoS attack when creating Joins in Wand
Handle: shw. Vulnerability details. Impact: It is possible for an attacker to intendedly create a fake Join corresponding to a specific token beforehand to make Wand unable to deploy the actual Join, causing a DoS attack. Proof of Concept: The address of Join corresponding to an underlying asset is...
The vulnerability of the Console component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.
The vulnerability of the Console component of the Oracle WebLogic Server application lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker, operating remotely, to gain full control over the application using the HTTP protocol...
U.S. Dept Of Defense: Unauthorized access to admin panel of the Questionmark Perception system at https://██████████
Summary: Due to the lack of access control, an anonymous attacker can compromise the administrator account on the Questionmark Perception system. Description: By using the service description which is publicly accessible on the internet, and by bypassing the access control, an anonymous attacker can...
CVE-2020-26919
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Recent assessments: Assessed Attacker Value: 0...
The vulnerability of the Outside In Filters component of the Oracle Software Development Kit (SDK), as well as the Oracle Text component of the Oracle Database Server database management system, allows a malicious individual to gain access to read, delete, and modify data, or to cause a service failure.
The vulnerability of the Outside In Filters component of the Oracle Software Development Kit SDK and the Oracle Text component of the Oracle Database Server system is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain read, delete, and modi...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain control over the application.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...