Redline WR3200 安全漏洞

The Redline WR3200 is a Wi-Fi 4 router from the Turkish company Redline, capable of supporting 300Mbps wireless transmission. The Redline WR3200 versions from 7.1.3 to 7.1.8 have security vulnerabilities. These vulnerabilities stem from improper authentication, lack of authentication for critical...

Acer NitroSense 安全漏洞

Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...

Why Outdated Maintenance Software Is a Growing Ransomware Risk

Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...

CVE-2026-1267

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...

WordPress plugin ModelTheme Framework 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Common Cloud Migration Security Mistakes (and How to Avoid Them)

Common cloud migration security mistakes explained, from weak access controls to misconfigurations, plus practical steps organisations can take to avoid risk...

CVE-2025-12648 WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files

The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories wp-content/uploads/wpmembers/userfiles// without implementing proper access controls beyond bas...

WordPress plugin Bit Assist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-64064

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

EUVD-2025-199638

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

Inside an Automotive Giant’s Data Leak — A Cloud Misconfiguration Lesson for AWS Users

70 TB+ of data, hard-coded keys, and weak IAM controls. For even the most experienced enterprises, one configuration decision can be enough to surface how interdependent and vulnerable modern cloud systems truly are. The recent data exposure incident at a large automotive firm highlights this...

EUVD-2025-36150

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...

PT-2025-43924

Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access, increasing the risk of unauthorised connections...

EUVD-2015-7861

Malware in sbrugna...

PT-2025-35755

Name of the Vulnerable Software and Affected Versions: yydevelopment Mobile Contact Line versions through 2.4.0 Description: A missing authorization issue exists in yydevelopment Mobile Contact Line due to incorrectly configured access control security levels. Recommendations: Update yydevelopmen...

CVE-2023-42481

In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to insufficient enforcement of access restrictions on all backend routes. An attacker can bypass the multifactor authentication MFA dialog presented during backend login by...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...

CVE-2025-0066

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP, NetWeaver and ABAP. The vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform include incorrect authentication controls and weak access controls, which can be exploited by authenticated attackers to escalate their privileges and gain...