1191 matches found
CVE-2008-7311
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.actioncontrollersession hash value aka secret key, which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the...
CVE-2019-2183
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2024-34524
In XLANG OpenAgents through fe73ac4, the allowedfile protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content...
CVE-2025-11837
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...
CVE-2025-15422
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...
CVE-2025-15102
DVP-12SE11T - Password Protection Bypass...
CVE-2025-15102
DVP-12SE11T - Password Protection Bypass...
CVE-2025-15102
DVP-12SE11T - Password Protection Bypass...
CVE-2025-15102
CVE-2025-15102 impacts Delta Electronics DVP-12SE11T PLC. The vulnerability is a password protection bypass that can be exploited remotely without authentication, potentially allowing unauthorized access and manipulation of PLC functionality. Fixed via firmware updates in late December 2025. Conn...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991299)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991299 advisory. Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded...
EUVD-2025-204248
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...
PT-2025-51998
Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions prior to 3.3.33 Description The Download Manager plugin for WordPress is susceptible to unauthorized access of sensitive information. This is caused by missing authorization and capability checks ...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65319
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
CVE-2025-65318 : Red Hat and NVD/NVD-derived records describe a vulnerability in Canary Mail 5.1.40 and earlier where saving documents via the attachment interaction leads to files being written to the filesystem without a Mark-of-the-Web tag. This tag omission can bypass built-in file protection...
Blue Mail 安全漏洞
Blue Mail is an email client from Blue Mail, Inc. A security vulnerability exists in Blue Mail versions 1.140.103 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, and could lead to a bypass of the file protection mechanism...
Canary Mail 安全漏洞
Canary Mail is an email client application from Canary Mail, Inc. in the United States. A security vulnerability exists in Canary Mail version 5.1.40 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, which could lead to a bypass of the file protection...
CVE-2025-65319
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...