22 matches found
CVE-2026-2995
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as...
CVE-2024-32119
An improper authentication vulnerability (CWE-287) in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially...
CVE-2024-32119
CVE-2024-32119 affects Fortinet FortiClientEMS, specifically versions 7.4.0 and before 7.2.4. The issue is an improper authentication (CWE-287) that could allow an unauthenticated attacker, who knows a targeted user’s FCTUID and VDOM, to perform operations such as uploading or tagging on behalf o...
Discourse path traversal vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a path traversal vulnerability that stems from the fact that an attacker can leverage the activate-account route via a...
CVE-2024-47652
The CVE-2024-47652 entry concerns Shilpi Client Dashboard, where the login module uses inadequate authentication, allowing an attacker to access any user account by supplying that user’s mobile number. This root cause implies a high-impact authentication weakness that could lead to full account c...
CVE-2020-27157
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user...
Cross site request forgery (csrf)
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected...
CVE-2020-3124 Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected...
PT-2020-4036 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified). Description: A tampering issue exists due to...
CVE-2020-3537
A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...
CVE-2019-1939
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...
CVE-2019-1939 Cisco Webex Teams Logging Feature Command Execution Vulnerability
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...
CVE-2019-0996
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the...
Keybase: macOS privilege escalation
Short description: We can add an arbitrary folder to the default $PATH environment variable, so we can exploit this to run arbitrary code as the targeted user. Steps to reproduce: 1. In the example I will use the low privileged nobody account (could be any other account) and I will target the u3mur4...
CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...
CVE-2018-0104
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious A...
IBM Lotus Sametime WebPlayer DoS
This module exploits a known flaw in the IBM Lotus Sametime WebPlayer version 8.5.2.1392 and prior to cause a denial of service condition against specific users. For this module to function the target user must be actively logged into the IBM Lotus Sametime server and have the Sametime Audio Visu...