228 matches found
CVE-2026-12819
CVE-2026-12819 affects the Delta Electronics DVP12SE PLC. The issue is exposure of a Modbus TCP service on a specified port without authentication or access control, allowing unauthenticated interaction with security‑sensitive PLC functions. The CVSS metrics indicate high impact on confidentialit...
CVE-2026-57953 Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...
GHSA-4GXV-P5G5-J7W7 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
Summary A logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with 0o777 permissions. The bug is independent...
CVE-2026-48089 DevGuard has improper authorization on public assets
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the HTTP Basic authentication. An attacker can perform unauthorized write actions, such as modifying user profiles, adding email addresses, creating repositories, and deleting repositories, by submitting an...
CVE-2026-48289
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
CVE-2026-48288
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
EUVD-2026-35635
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
CVE-2026-48289
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
CVE-2026-48288
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
CVE-2026-48289
CVE-2026-48289 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can bypass security features and allow unauthorized write access. Exploitation requires user interaction, with the attacker needing a v...
CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
CVE-2026-48288
CVE-2026-48288 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can result in a security feature bypass . A low-privileged attacker could bypass security controls and gain unauthorized write access. ...
CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
Adobe Experience Manager 输入验证错误漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
PT-2026-48094
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
CVE-2026-34685
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing. are affected by an Improper Input...
CVE-2026-34656
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-34646
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
EUVD-2026-33845
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...