EUVD-2025-26730

Malicious code in bioql PyPI...

EUVD-2025-26505

Malicious code in bioql PyPI...

EUVD-2021-6772

Malicious code in bioql PyPI...

CVE-2025-23256

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure,...

CVE-2025-23256

CVE-2025-23256 affects NVIDIA BlueField: a vulnerability in the management interface could allow a locally authenticated attacker to cause incorrect authorization when modifying the configuration, potentially leading to denial of service, privilege escalation, information disclosure, and data tam...

CVE-2025-23256

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure,...

CVE-2025-23256

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure,...

CVE-2025-44178

DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any authentication...

Güralp FMUS 访问控制错误漏洞

The Güralp FMUS is a seismic monitoring device from Güralp UK. An access control error vulnerability exists in the Güralp FMUS that originates from an unauthenticated Telnet command line interface and could result in modifying the hardware configuration or restoring factory settings...

Siemens SCALANCE LPE9403 Security Bypass Vulnerability

Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. A security bypass vulnerability exists in the Siemens SCALANCE LPE9403, which is caused by bypassing authentication. An...

CVE-2023-22916

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50W firmware versions 5.10 through 5.35, USG20W-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails ...

Siemens SCALANCE LPE9403 安全漏洞

Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. A security bypass vulnerability exists in the Siemens SCALANCE LPE9403, which is caused by bypassing authentication. An...

CVE-2025-20972

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration...

CVE-2025-43947

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...

CVE-2025-27167

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical...

PT-2025-7147 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to improper input validation, allowing an authenticated remote attacker to modify system configuration via crafted HTTP requests. This can be achieved by sending...

Cisco ISE 授权问题漏洞

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has an authorization bypass vulnerability that can be exploited by a remote attacker to submit a special request that can obtain sensitive information, modify...

CLSA-2025-1738170016 unbound: Fix of CVE-2024-1488

CVE-2024-1488: make sure that only the unbound group is allowed to modify the configuration...

VulnCheck KEV: CVE-2024-11680

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...

CVE-2020-26063 Cisco Integrated Management Controller Software Authorization Bypass Vulnerability

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attack...