10 matches found
PT-2026-45802
NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...
TeamViewer DEX Platform On-Premises Security Vulnerability
The TeamViewer DEX Platform On-Premises is a locally deployed digital employee experience management platform by the German company TeamViewer. Prior to version 9.2 of the TeamViewer DEX Platform On-Premises, there were security vulnerabilities. These vulnerabilities stemmed from incorrect...
Origin Validation Error
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Origin Validation Error via the sessionssend sourceTool. An attacker can cause privileged actions to be performed by injecting crafted inter-session prompts that are misinterpreted as...
CVE-2026-24312
SAP Business Workflow suffers a privilege-escalation flaw caused by an erroneous authorization check. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to perform unauthorized high-privilege actions. This primarily impacts d...
Moxa Multiple Products Security Vulnerability
MOXA EDF-G1002-BP Series and others are products of Moxa China. MOXA EDF-G1002-BP Series is a series of industrial-grade local area network (LAN) firewalls. Moxa EDR-8010 Series and others are products of Moxa Taiwan. Moxa EDR-8010 Series is a series of secure routers. Moxa EDR-G9010 Series is a series o...
CVE-2021-45886
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user such as operator can be used to confirm actions of higher-privileged ones such...
CVE-2024-42028
A local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application Version 8.4.62 and earlier allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server...
CVE-2021-28623 Adobe Premiere Elements Privilege Escalation Vulnerability
Adobe Premiere Elements version 5.2 and earlier is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require...
The vulnerability in the web interface of the Cisco Wireless LAN Controller allows a malicious actor to perform arbitrary actions on the device with user privileges, including changing the device’s configuration.
The vulnerability of the Cisco Wireless LAN Controller web interface is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the device with user privileges, including changing the device configuration using a...
Microsoft SharePoint Server and Foundation Multiple Vulnerabilities (3124585)
This host is missing an important security update according to Microsoft Bulletin MS16-004.