CVE-2009-3921
The Smartqueueog module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation message...
CVE-2005-3643
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account without supplying a password...
CVE-2025-4978
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.151.00.15NA. This affects an unknown part of the file /BRStop.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...
CVE-2025-4755
A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R68125. It has been classified as critical. This affects the function sub497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclose...
The vulnerability of the Message routing profiles component of the BIG-IP access control and remote authentication solution allows a perpetrator to cause a service failure.
The vulnerability of the Message routing profiles component in the access control and remote authentication solution BIG-IP is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Message Routing component of the access control and remote authentication solution BIG-IP allows a perpetrator to cause a service failure.
The vulnerability of the Message Routing component in the BIG-IP access control and remote authentication solution is related to pointer aliasing errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Configuration tool for access control and remote authentication in BIG-IP allows an attacker to carry out XSS attacks.
The vulnerability of the Configuration tool for access control and remote authentication in BIG-IP relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2025-46265
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-46265
CVE-2025-46265 describes an improper authorization in F5OS where remotely authenticated users (LDAP, RADIUS, TACACS+) may be granted higher privilege within F5OS roles. The issue affects F5OS-A and F5OS-C branches with vulnerable versions listed in F5 advisory K000139503; fixes are introduced in ...
CVE-2025-32820
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable...
CVE-2025-24347
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...
CVE-2025-24346
CVE-2025-24346 affects ctrlX OS; a vulnerability in the web application's Proxy functionality lets a remote authenticated (low-privileged) user craft an HTTP request to modify the /etc/environment file. The CVSS v3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation details ar...
CVE-2025-24343
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...
CVE-2025-24340
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...
CVE-2025-3760
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...
CVE-2025-3928
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...
UBUNTU-CVE-2025-2092
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p29, 2.2.0p41 and =2.1.0p49 EOL causes remote site authentication secrets to be written to log files accessible to administrators...
PT-2025-17523 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.3.0p29 Checkmk versions 2.2.0p41 Checkmk versions =2.1.0p49 Description: The issue involves the insertion of sensitive information into log files in Checkmk, causing remote site authentication secrets to be written to log...