
25 matches found

Vulnrichment
added 2026/05/19 2:42 p.m. · 5 views

CVE-2026-5804

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

CVSS 8.4 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 1

RedhatCVE
added 2026/04/03 11:01 p.m. · 1 view

CVE-2026-34834

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...

CVSS 8.7 · AI score 6 · EPSS 0.00129
Exploits: 0 · References: 1

CNNVD
added 2026/03/27 12:00 a.m. · 3 views

NEC Platforms Aterm Series security vulnerability

The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from lack of authorization. These vulnerabilities may allow attackers to access device...

CVSS 6.5 · AI score 5.8 · EPSS 0.00042
Exploits: 0 · References: 1

CNNVD
added 2026/01/19 12:00 a.m. · 1 view

MyTube security vulnerability

MyTube is a video self-hosting downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.66 contained security vulnerabilities. These vulnerabilities stemmed from the authentication check implemented by roleBasedAuthMiddleware, which could be bypassed, allowing unverified user...

CVSS 9.8 · AI score 5.8 · EPSS 0.00402
Exploits: 0 · References: 3

Positive Technologies
added 2025/12/30 12:00 a.m. · 4 views

PT-2025-54257

Name of the Vulnerable Software and Affected Versions: Akuvox Smart Intercom S539 (affected versions not specified). Description: The Akuvox Smart Intercom S539 has an issue with access control. Users with 'User' privileges can modify API access settings and configurations. This can allow attackers to...

CVSS 8.7 · AI score 6.7 · EPSS 0.00035
Exploits: 1 · References: 7

CVE
added 2025/12/18 7:20 a.m. · 2 views

CVE-2025-13498

Technical details for CVE-2025-13498 are not provided in the connected documents. The initial description notes a WordPress Download Manager plugin vulnerability up to version 3.3.32 but does not specify affected product/vendor/version details beyond that. Monitor for updates.

CVSS 4.3 · AI score 4.9 · EPSS 0.00044
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-0315

Malware in sbrugna...

CVSS 9 · AI score 6.3 · EPSS 0.00625
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2007-3933

Malware in sbrugna...

CVSS 8.3 · AI score 6.1 · EPSS 0.00608
Exploits: 0 · References: 17

Veracode
added 2025/10/06 7:08 a.m. · 2 views

Incorrect Default Permissions

org.apache.dolphinscheduler, dolphinscheduler is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper default access settings in the application, which allows an attacker to gain unauthorized access or perform unintended actions within the system...

CVSS 9.8 · AI score 7.2 · EPSS 0.00162
Exploits: 0 · References: 3 · Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-15178

Malicious code in bioql PyPI...

CVSS 2.7 · AI score 6.3 · EPSS 0.00217
Exploits: 0 · References: 3

RedhatCVE
added 2025/07/03 8:23 a.m. · 2 views

CVE-2025-41648

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI...

CVSS 9.8 · AI score 7.6 · EPSS 0.00421
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:58 a.m. · 10 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 · AI score 7 · EPSS 0.00011
Exploits: 0

RedhatCVE
added 2025/05/23 2:50 a.m. · 1 view

CVE-2023-21135

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 · AI score 6.8 · EPSS 0.00012
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:36 p.m. · 7 views

CVE-2020-1292

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'...

CVSS 7.8 · AI score 6.9 · EPSS 0.12134
Exploits: 0

OSV
added 2023/09/11 9:15 p.m. · 0 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 · AI score 5.9 · EPSS 0.00011
Exploits: 0 · References: 2

NVD
added 2023/06/19 3:15 p.m. · 9 views

CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App...

CVSS 9.8 · AI score 9.6 · EPSS 0.0022
Exploits: 0 · References: 3

NVD
added 2023/06/15 7:15 p.m. · 12 views

CVE-2023-21135

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 · AI score 7.8 · EPSS 0.00012
Exploits: 0 · References: 1

Vulnrichment
added 2023/06/15 12:00 a.m. · 20 views

CVE-2023-21135

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

AI score 6.7 · EPSS 0.00012
Exploits: 0 · References: 1

Positive Technologies
added 2022/09/26 12:00 a.m. · 1 view

PT-2022-20036 · WordPress · Bitcoin / Altcoin Faucet Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Bitcoin / Altcoin Faucet WordPress plugin versions prior to 1.6.1 Description: The issue concerns a lack of CSRF check when saving settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Additionally, due to th...

CVSS 5.4 · AI score 5.2 · EPSS 0.00098
Exploits: 2 · References: 4

CNVD
added 2018/03/27 12:00 a.m. · 2 views

Unspecified Vulnerability in IBM Rational Collaborative Lifecycle Management RSA DM

IBM Rational Collaborative Lifecycle Management CLM is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in an IBM SmartCloud Enterprise cloud environment image to provide requirements management, change...

CVSS 4.3 · AI score 6.7 · EPSS 0.00165
Exploits: 0 · References: 1