
21 matches found

Cvelist
added 2 days ago | 23 views

CVE-2026-5385 GLPI 11.0.0 - Stored XSS in knowledge base

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

CVSS 8.4 | EPSS 0.00077
Exploits: 0 | References: 4

OSV
added 2026/04/24 4:3 p.m. | 2 views

BIT-MINIO-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 4

OSV
added 2026/04/24 4:3 p.m. | 0 views

BIT-MINIO-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write arbitrary objects to any bucket without...

CVSS 8.8 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 4

Cvelist
added 2026/04/22 12:54 a.m. | 27 views

CVE-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

CVSS 8.8 | EPSS 0.00132
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/22 12:49 a.m. | 0 views

CVE-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVSS 8.8 | AI score 6.1 | EPSS 0.00159
Exploits: 0 | References: 3

CVE
added 2026/04/22 12:49 a.m. | 13 views

CVE-2026-40344

MinIO is affected by an authentication bypass in the Snowball auto-extract handler (PutObjectExtractHandler) prior to RELEASE.2026-04-11T03:20:12Z. An attacker with a valid access key (including the default minioadmin or any key with WRITE on a bucket) can write arbitrary objects to any bucket wi...

CVSS 8.8 | AI score 6.1 | EPSS 0.00159
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/04/21 5:16 p.m. | 2 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

CVSS 9.3 | EPSS 0.00853
Exploits: 0 | References: 7

OSV
added 2026/04/14 11:40 p.m. | 1 views

GHSA-HV4R-MVR4-25VW MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...

CVSS 8.8 | AI score 5.9 | EPSS 0.00132
Exploits: 0 | References: 5

OSV
added 2026/04/14 12:4 a.m. | 1 views

GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

CVSS 8.8 | AI score 6.1 | EPSS 0.00159
Exploits: 0 | References: 5

CVE
added 2026/04/01 3:54 p.m. | 4 views

CVE-2026-33949

CVE-2026-33949 concerns TinaCMS’s GraphQL package, where vulnerable versions prior to 2.2.2 expose a path traversal weakness in @tinacms/graphql. The root cause is insufficient path validation (notably handling of backslashes) in getValidatedPath, allowing unauthenticated users to write/overwrite...

CVSS 8.1 | AI score 6 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/03/17 5:20 p.m. | 10 views

CVE-2026-32297

The CVE-2026-32297 entry concerns the Angeet ES3 KVM. It describes a remote, unauthenticated condition whereby an attacker can write arbitrary files, including configuration files or system binaries, enabling potential complete system compromise. According to the metrics, CVSS v3.1 indicates high...

CVSS 9.3 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

SICK Lector85x and SICK SICK Lector83x Security Vulnerability

SICK Lector85x and SICK SICK Lector83x are a series of QR code image recognition readers developed by the German company SICK. Both devices have security vulnerabilities. These vulnerabilities stem from incorrect access controls. Attackers could potentially perform unauthenticated read and write...

CVSS 9.8 | AI score 5.9 | EPSS 0.00059
Exploits: 0 | References: 6

CVE
added 2025/12/01 3:25 p.m. | 7 views

CVE-2025-54851

The CVE-2025-54851 issue affects Socomec DIRIS Digiware M-70 v1.6.9, where unauthenticated Modbus TCP/RTU over TCP requests can trigger a denial-of-service. Talos details show an attacker can send a single Modbus TCP message to port 503 using Write Single Register (code 6) to set register 4352 to...

CVSS 7.5 | AI score 6.8 | EPSS 0.00108
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/04/16 12:0 a.m. | 1 views

PT-2024-24085 · Docsgpt · Docsgpt

Name of the Vulnerable Software and Affected Versions: DocsGPT versions prior to 0.8.1 Description: The issue is related to an unauthenticated limited file write in routes.py. This allows for unauthorized access to write files, potentially leading to further exploitation. The estimated number of...

CVSS 5.3 | AI score 7.1 | EPSS 0.00246
Exploits: 0 | References: 8

VulnCheck KEV
added 2023/11/30 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE...

CVSS 9.8 | AI score 7.3 | EPSS 0.91581
Exploits: 3 | References: 1

CVE
added 2022/07/15 11:40 a.m. | 60 views

CVE-2022-30244

The CVE-2022-30244 vulnerability affects Honeywell Alerton Ascent Control Module (ACM) up to 2022-05-04. It allows unauthenticated, remote programming writes, enabling an attacker to store and execute code on the controller without verification by sending a crafted packet to change or stop the pr...

CVSS 8 | AI score 7.8 | EPSS 0.00365
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/24 5:7 p.m. | 1 views

GHSA-W6G9-XCCC-347H Plone Unauthenticated Write Vulnerability

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...

CVSS 9.8 | AI score 7.2 | EPSS 0.00619
Exploits: 0 | References: 8

OSV
added 2022/04/27 3:15 a.m. | 14 views

CVE-2022-27332

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS)...

CVSS 9.1 | AI score 7.1
Exploits: 0 | References: 1

CNNVD
added 2021/05/25 12:0 a.m. | 2 views

CODESYS V2 Web-Server Access Control Error Vulnerability

3S-Smart Software Solutions CODESYS V2 Web-Server is a web server application from 3S-Smart Software Solutions, Germany. An access control error vulnerability exists in 3S-Smart Software Solutions CODESYS V2 Web-Server versions prior to 1.1.9.20, which can be exploited by an attacker with the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00428
Exploits: 0 | References: 6

CNVD
added 2021/03/11 12:0 a.m. | 6 views

NETGEAR JGS516PE/GS116Ev2 Unauthenticated Write Access Privilege to DHCP Configuration Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker can exploit the vulnerability to force multiple DHCP requests or disable them, potentially resulting in a denial of service...

CVSS 7.1 | AI score 6.8 | EPSS 0.00487
Exploits: 0 | References: 1