35 matches found
CVE-2026-5804
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
CVE-2026-34834
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...
NEC Platforms Aterm Series security vulnerability
The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from lack of authorization. These vulnerabilities may allow attackers to access device...
MyTube security vulnerability
MyTube is a video self-hosting downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.66 contained security vulnerabilities. These vulnerabilities stemmed from the authentication check implemented by roleBasedAuthMiddleware, which could be bypassed, allowing unverified user...
PT-2025-54257
Name of the Vulnerable Software and Affected Versions: Akuvox Smart Intercom S539 (affected versions not specified). Description: The Akuvox Smart Intercom S539 has an issue with access control. Users with 'User' privileges can modify API access settings and configurations. This can allow attackers to...
CVE-2025-13498
Technical details for CVE-2025-13498 are not provided in the connected documents. The initial description notes a WordPress Download Manager plugin vulnerability up to version 3.3.32 but does not specify affected product/vendor/version details beyond that. Monitor for updates.
EUVD-2007-0315
Malware in sbrugna...
EUVD-2007-3933
Malware in sbrugna...
Incorrect Default Permissions
org.apache.dolphinscheduler, dolphinscheduler is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper default access settings in the application, which allows an attacker to gain unauthorized access or perform unintended actions within the system...
EUVD-2025-15178
Malicious code in bioql PyPI...
CVE-2025-41648
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI...
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21135
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-1292
An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'...
A vulnerability in the Intel Integrated Sensor Hub driver for NUC M15 laptops allows an attacker to gain elevated privileges.
The vulnerability in the Intel Integrated Sensor Hub driver for NUC M15 laptops is related to the default access settings. Exploiting this vulnerability can allow attackers to gain elevated privileges...
A vulnerability in the AudacityApp.cpp component of the audio editing software Audacity, related to default access settings, allows an attacker to gain access to confidential data.
The vulnerability in the AudacityApp.cpp component of the audio editing software Audacity is related to the default access settings. Exploiting this vulnerability could allow an attacker to gain access to confidential data...
A vulnerability in the web interface of the firmware for Schneider Electric Sage devices for remote control of lighting and energy consumption allows an attacker to upload arbitrary files and embedded software.
The vulnerability in the web interface of the firmware for Schneider Electric Sage devices for remote control of lighting and energy consumption is related to the default access settings. Exploiting this vulnerability allows an attacker to upload arbitrary files and embedded...
A vulnerability in the Intel Integrated Sensor Hub driver in the firmware for NUC P14E Laptop Element allows an attacker to gain elevated privileges.
The vulnerability in the Intel Integrated Sensor Hub driver for NUC P14E Laptop Element notebooks is related to the default access settings. Exploiting this vulnerability can allow attackers to gain elevated privileges...
A vulnerability in the Hitachi JP1/Performance Management software tools for monitoring and managing network infrastructure lies in the default access settings and allows an attacker to gain access to files and directories.
The vulnerability in the Hitachi JP1/Performance Management software tools for monitoring and managing network infrastructure is related to the default access settings. Exploiting this vulnerability can allow attackers to gain access to files and directories...