269 matches found
CVE-2025-54781 Himmelblau leaks an Intune service access token in its logs
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...
FreeBSD : Gitlab -- Vulnerabilities (d45dabd9-5232-11f0-9ca4-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d45dabd9-5232-11f0-9ca4-2cf05da270f3 advisory. Gitlab reports: Denial of Service impacts GitLab CE/EE Missing Authentication issue impacts...
CVE-2025-2828
CVE-2025-2828 describes an SSRF flaw in the RequestsToolkit of langchain-ai/langchain (langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) affecting version 0.0.27. The vulnerability arises from insufficiently restricted requests to remote internet addresses, enabling an attacker ...
CVE-2024-45871
Bandisoft BandiView 7.05 is Incorrect Access Control via sub0x232bd8 resulting in denial of service DOS...
CVE-2023-25683
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592...
CVE-2023-37940
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2022-48113
A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...
CVE-2021-25337
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files...
CVE-2020-19676
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...
CVE-2019-10917
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...
CVE-2010-0535
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list SACL for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...
CVE-2010-0534
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list SACL for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests...
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have discovered risky default identity and access management IAM roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often...
CVE-2025-3775
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentortemplateproxy function. This makes it possible for...
PT-2025-15280
Name of the Vulnerable Software and Affected Versions fluent-bit version 3.7.2 Description The issue allows a local attacker to cause a denial of service via the cfl list size in cfl list.h:165. This can be exploited to disrupt the service. Recommendations For fluent-bit version 3.7.2, as a...
CVE-2025-2546 D-Link DIR-618/DIR-605L Firewall Service formAdvFirewall access control
A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within...
CVE-2024-7959
The Open WebUI SSRF issue is in open-webui/open-webui version 0.3.8, exposed via the /openai/models endpoint. The vulnerable component allows changing the OpenAI URL without validation, causing the server to issue requests to arbitrary destinations and return their output. Reported impact include...
Hewlett Packard Enterprise AOS-CX(HPE AOS-CX) 安全漏洞
Hewlett Packard Enterprise AOS-CX HPE AOS-CX is a network operating system for data centers, campuses, and edges from Hewlett Packard Enterprise, Inc. It is used to provide flexible and innovative network services and enhance network performance. A security vulnerability exists in Hewlett Packard...
CVE-2025-22603 AutoGPT SSRF vulnerability
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery SSRF vulnerability inside component or block Send Web Request. The...
RSUPPORT RemoteView Agent 安全漏洞
RSUPPORT RemoteView Agent is a remote control agent program from RSUPPORT Japan. A security vulnerability exists in RSUPPORT RemoteView Agent versions prior to v8.1.5.2, which stems from incorrect access privileges to specific services, and could cause a non-administrative user to execute arbitra...