CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

DELMIA Apriso - Broken Access Control

DELMIA Apriso Release 2020 through Release 2025 contains a broken access control vulnerability caused by missing authorization, letting attackers gain privileged access to the application, exploit requires no special conditions. id: CVE-2025-6205 info: name: DELMIA Apriso - Broken Access Control...

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5090 Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

EUVD-2025-210075

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

Devolutions Server < 2026.1.20 Multiple Vulnerabilities (DEVO-2026-0014)

The version of Devolutions Server installed on the remote host is prior to 2026.1.20. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without...

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from an API v2 endpoint authorization bypass. This vulnerability cou...

EUVD-2026-33016

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services contain security vulnerabilities. These vulnerabilities st...

CVE-2026-8381

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

TeamViewer DEX Platform On-Premises 安全漏洞

The TeamViewer DEX Platform On-Premises is a locally deployed digital employee experience management platform by the German company TeamViewer. Prior to version 9.2 of the TeamViewer DEX Platform On-Premises, there were security vulnerabilities. These vulnerabilities stemmed from incorrect...

PT-2026-42768

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

CVE-2026-34930

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute...

Astra Linux – Vulnerability in libhttp-daemon-perl

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe these risks are; most Perl-based applications are serv...

Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...