1597 matches found
EUVD-2026-11367
StudioCMS S3 Storage Manager Authorization Bypass via Missing await on Async Auth Check...
CVE-2026-32101 StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...
CVE-2026-32101
CVE-2026-32101 affects StudioCMS S3 Storage Manager prior to version 0.3.1. The isAuthorized() function is async but is called without await in both the POST and PUT handlers, causing the authorization check to always evaluate to bypass due to Promise objects being truthy. As a result, any authen...
CVE-2026-32101 StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Ibm Tivoli_Storage_Manager_Fastback
No d...
Synology DSM 安全漏洞
Synology DSM is an NAS management operating system developed by the Chinese company Synology. There is a security vulnerability in Synology DSM, where attackers can bypass access restrictions through the Storage Manager to read sensitive information...
Brocade SANnav 安全漏洞
Brocade SANnav is a storage area network management software developed by the American company Brocade. Versions of Brocade SANnav prior to 2.4.0b contained security vulnerabilities. These vulnerabilities stemmed from the fact that logs supported by SANnav recorded administrator passwords for...
MiracleLinux 7 : firefox-102.14.0-1.0.1.el7.AXS7 (AXSA:2023-6310:27)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6310:27 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...
CVE-2025-1710
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...
Dell Storage Manager Critical Function Missing Authentication Vulnerability
Dell Storage Manager is a centralized management tool for Dell storage products, used for daily management and monitoring of storage devices such as SC Series, PS Series, and others. Dell Storage Manager suffers from a Critical Function Missing Authentication vulnerability, no details of the...
Dell Storage Manager XML External Entity References Improperly Restricted Vulnerability
Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An XML External Entity Reference Improper Restriction vulnerability...
Dell Storage Manager Improper Authentication Vulnerability
Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An improper authentication vulnerability exists in Dell Storage Manage...
Dell Storage Manager Authentication Bypass (CVE-2025-43995)
Binary data dellstoragemanagercve-2025-43995.nbin...
CVE-2025-46425
Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2025-43994
Dell Storage Center - Dell Storage Manager, versions DSM 20.1.21, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2025-43994
Dell Storage Center - Dell Storage Manager, versions DSM 20.1.21, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2025-43995
Dell Storage Center - Dell Storage Manager, versions 20.1.21, contains an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An...
CVE-2025-46425
Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2025-46425
Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2025-43994
Dell Storage Center - Dell Storage Manager, versions DSM 20.1.21, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...