5 matches found
(Pwn2Own) QNAP QHora-322 access_setting HTTP Request Smuggling Vulnerability
This vulnerability allows network-adjacent attackers to smuggle arbitrary HTTP requests on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...
SUSE CVE-2025-3611
Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...
UBUNTU-CVE-2019-13457
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...
Huawei E5331 MiFi Unauthenticated Access / Setting Manipulation
Huawei E5331 MiFi mobile hotspot version 21.344.11.00.414 suffers from unauthenticated access and setting manipulation vulnerabilities. ======================================================================= title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobil...