8 matches found
EUVD-2025-34921
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the...
CVE-2024-6738
The thumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL...
The vulnerability of the deployment and management software for Azure Kubernetes Service Confidential Containers relates to lack of access control, allowing attackers to increase their privileges.
The vulnerability of the Azure Kubernetes Service Confidential Containers’ deployment and management software is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to enhance their privileges remotely...
The vulnerability of the remote access tool for VMware Workspace ONE Assist, related to lack of access control, allows a perpetrator to circumvent existing security restrictions and enhance their privileges.
The vulnerability of the remote access tool for VMware Workspace ONE Assist is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and gain increased privileges...
UBUNTU-CVE-2022-31022
Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package that are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers fo...
The vulnerability of the libseccomp library lies in its lack of access control for certain functions. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the libseccomp library is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures...
The vulnerability of the Process Analysis & Discovery component of the Business Process Management Suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Process Analysis & Discovery component in the Business Process Management Suite is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...