28 matches found
EUVD-2025-6862
Malicious code in bioql PyPI...
CVE-2022-24972
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...
The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge browsers allows a malicious actor to gain unauthorized access to limited functionality.
The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge is related to lack of access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...
The vulnerability of the Makves DCAP software lies in its lack of access control mechanisms, allowing attackers to bypass existing security restrictions.
The vulnerability of the Makves DCAP software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...
CVE-2022-24972
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...
CVE-2022-24972
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...
Upgraded Q -> 2 from #179 [1679871876484]
Judge has assessed an item in Issue 179 as 2 risk. The relevant finding follows: L-14 Lack of access control in setVault function leave it vulnerable to frontrunning attack --- The text was updated successfully, but these errors were encountered: All reactions...
VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Operations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...
Possible DoS attack when creating Joins in Wand
Handle shw Vulnerability details Impact It is possible for an attacker to intendedly create a fake Join corresponding to a specific token beforehand to make Wand unable to deploy the actual Join, causing a DoS attack. Proof of Concept The address of Join corresponding to an underlying asset is...
U.S. Dept Of Defense: Unauthorized access to admin panel of the Questionmark Perception system at https://██████████
Summary: Due to the lack of access control, an anonymous attacker can compromise the administrator account on the Questionmark Perception system. Description: By using the service description which publicly accessible on the internet, and by bypassing the access control, an anonymous attacker can...
CVE-2020-26919
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
The vulnerability of the Outside In Filters component of the Oracle Software Development Kit (SDK), as well as the Oracle Text component of the Oracle Database Server database management system, allows a malicious individual to gain access to read, delete, and modify data, or to cause a service failure.
The vulnerability of the Outside In Filters component of the Oracle Software Development Kit SDK and the Oracle Text component of the Oracle Database Server system is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain read, delete, and modi...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain control over the application.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerability of the Infrastructure component of the Oracle Financial Services Analytical Applications Infrastructure software for banking analytical systems, which allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Infrastructure component of the Oracle Financial Services Analytical Applications Infrastructure banking analytics system, a simulation-based modeling solution, is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain...
The vulnerability of the Message Display component of the Oracle Email Center software allows a malicious individual to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information.
The vulnerability of the Message Display component in the Oracle Email Center software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information usin...
Vulnerability of the Server component: The Information Schema of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.
Vulnerability of the MySQL Server component: The information schema of the MySQL Server database management system is vulnerable due to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP protoc...
brazil2018.voices.wooster.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1073278 Security Researcher devl00p Helped patch 2974 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...