CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download...

CVE-2024-4163

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a malicious actor to read arbitrary files.

The vulnerability of the Cisco Identity Services Engine ISE’s web management interface is related to deficiencies in path name checking for access-limited directories. Exploiting this vulnerability could allow a malicious actor, operating remotely, to read arbitrary files using a specially create...

Mail.ru: Открытые сорцы

gitlab repository with opensource projects was available from external network on geekbrains.ru subdomain. While no sensitive information was leaked, decision was made to limit the access to eliminate possible risks in future...