CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

CVE-2021-21318

Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial...

CVE-2022-20848 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to the improper processing of...

CVE-2022-20848 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to the improper processing of...

User can read any series without permission

Description A normal user can access any series without permission if they have access to at least one library. Version Tested on latest release 0.5.6.0 and on docker image 'kizaing/kavita:latest', with image pulled on September 17, 12:30 UTC Digest:...

CVE-2021-21318

Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial...

CVE-2021-21318

Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial...

CVE-2021-21318 Removing access may not effect published series

Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial...

CVE-2019-1826

A vulnerability in the quality of service QoS feature of Cisco Aironet Series Access Points APs could allow an authenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames...

Input validation

A vulnerability in the quality of service QoS feature of Cisco Aironet Series Access Points APs could allow an authenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames...

CVE-2019-1829 Cisco Aironet Series Access Points Command Injection Vulnerability

A vulnerability in the CLI of Cisco Aironet Series Access Points APs could allow an authenticated, local attacker to gain access to the underlying Linux operating system OS without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due ...

CVE-2019-1654

A vulnerability in the development shell devshell authentication for Cisco Aironet Series Access Points APs running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the...

CVE-2018-0381

A vulnerability in the Cisco Aironet Series Access Points APs software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to a deadlock condition that may occur when an affect...

Race condition

A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency RF adjacent attacker to cause the Access Point AP to reload, resulting in a denial of service DoS condition. The...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Wireless LAN Controller software, Identity Services Engine software, and Aironet 1800 Series Access Points. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected device. US-CERT...

IBM Personal Communications I-Series Access WorkStation 5.9 Profile

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...