14 matches found
Wikimedia AbuseFilter Input Validation Error Vulnerability
Wikimedia AbuseFilter is an editing filter tool developed by the Wikimedia Foundation, designed to automatically filter and block suspicious edits, account creation, and other disruptive activities based on custom rules. Versions of Wikimedia AbuseFilter prior to 1.43.7, as well as versions 1.44....
EUVD-2019-2499
Malware in sbrugna...
EUVD-2016-1974
Malware in sbrugna...
GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure
GeoVision ASManager Windows Application version 6.1.2.0 suffers from a credential disclosure vulnerability. Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.4.0 Devolutions Server...
CVE-2025-27153
Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...
CVE-2019-15137
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service DDS network...
CVE-2024-9000
In lunary-ai/lunary prior to version 1.4.26, the checklists.post endpoint lacks proper authorization checks, allowing unauthorized users to create or modify checklists. The issue includes missing validation of the user’s permissions and a failure to enforce unique slugs for new checklists, enabli...
PT-2023-17268 · Candlepin · Candlepin
Name of the Vulnerable Software and Affected Versions: Candlepin affected versions not specified Description: An improper access control flaw was found in Candlepin, allowing an attacker to create data scoped under another customer or tenant. This can result in loss of confidentiality and...
SUSE CVE-2015-7560
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL...
CVE-2022-40816
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...
CVE-2020-15078
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...
CVE-2019-18275
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes...
Authentication flaw
Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unauthorised access to data. The component is: Incorrect calls to ensureauth wrapper result in authentication-checking not being applied to all routes...