15 matches found
CVE-2026-21767
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication...
EUVD-2026-18096
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication...
CVE-2026-21767
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication...
HCL BigFix Platform security vulnerability
The HCL BigFix Platform is developed by the Indian company HCL. This platform supports automatic discovery, management, and remediation of endpoint security issues. The HCL BigFix Platform has a security vulnerability that stems from insufficient authentication. As a result, users may access...
CVE-2026-21767 HCL BigFix Platform is affected by insufficient authentication
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication...
CVE-2026-21767
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication...
CVE-2026-21767 HCL BigFix Platform is affected by insufficient authentication
HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication...
CVE-2026-21767
CVE-2026-21767 concerns HCL BigFix Platform. Connected Nessus data specifies that BigFix Server 11.0.x prior to 11.0.6 is affected by an insufficient authentication vulnerability, which may permit access to sensitive areas without proper authentication. The issue is tied to the BigFix Platform’s ...
PT-2025-26349 · Unknown · User Roles/Capabilities
Name of the Vulnerable Software and Affected Versions: mahabub81 User Roles and Capabilities versions 1.2.6 and earlier. Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...
PT-2024-36237 · Unknown · Fancy Roller Scroller
Name of the Vulnerable Software and Affected Versions: Fancy Roller Scroller versions through 1.4.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2023-29233 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.3. Description: The issue allows attackers with access to a user's device to gain persistent account access due to missing verification of Session Tokens after password changes and/or elapsed inactivity...
Admidio Insufficient Session Expiration vulnerability
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. This vulnerability allows a user's session to remain valid even after the user has logged out, potentially granting unauthorized access to sensitive areas and functionalities...
CVE-2021-43762
AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability...
CVE-2020-3318
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of...
PT-2020-15041 · Istio · Istio
Name of the Vulnerable Software and Affected Versions: Kiali versions 0.4.0 through 1.15.0. Description: The issue is related to insufficient JWT validation, allowing a remote attacker to steal a valid JWT cookie and use it to spoof a user session. This could potentially grant privileges to view a...