7 matches found
Information Disclosure
nautobotssot is vulnerable to Information Disclosure. The vulnerability is due to improper access control on an unauthenticated configuration page, which allows an attacker to view the ServiceNow public instance name without authentication...
EUVD-2022-48583
Malicious code in bioql PyPI...
CVE-2022-45724
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...
Improper access control
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...
CVE-2022-45724
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...
CVE-2020-10972
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink...
Admidio Cross-Site Request Forgery Vulnerability (CNVD-2017-10374)
Admidio is a free online membership management system for associations, groups and organizations. The system offers features such as user management, adding and updating homepages, and installing and adjusting modules on it. A cross-site request forgery vulnerability exists in Admidio. The...