10 matches found
CVE-2026-43886
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...
CVE-2026-22536 PRIVILEGE ESCALATION VIA SUDO COMMAND
The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...
CVE-2020-11846
A vulnerability was found in OpenText Privileged Access Manager, which issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1...
OpenText NetIQ Privileged Account Manager Security Vulnerability
OpenText NetIQ Privileged Account Manager is a customer management software from OpenText Canada. A security vulnerability exists in OpenText NetIQ Privileged Account Manager versions prior to 3.7.0.1, which originates from a cookie that is set when a token is successfully issued, which allows...
PT-2024-22273 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45 Description: The issue arises due to unrestricted access to the twig extension class from the Grav context, allowing an attacker to redefine config variables and bypass previous SSTI mitigation. This can lead to...
Grav Security Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from unrestricted access to the twig extension class from the grav environment...
Security Vulnerabilities in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated, USA. A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and is from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in multiple Qualcomm products tha...
tomcat: unrestricted access to global resources
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not...
OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2016-7792
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...