300 matches found
EUVD-2023-54675
Malicious code in bioql PyPI...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation due to failure to check user permissions when editing channel subscriptions via the API...
Server-Side Request Forgery (SSRF)
Liferay Portal is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper access validation due to crafted URLs in FreeMarker templates that allow template editors to bypass restrictions...
CVE-2025-4655
SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...
CVE-2025-34076
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2024-45347
An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device...
CVE-2025-22828
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
CVE-2024-1526
The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...
CVE-2022-44565
An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD...
CVE-2019-15874
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results...
DRUPAL-CONTRIB-2025-065
This module provides a block to easily display a rendered node. Access to the rendered node isn't validated before rendering the block. Allowing access to node content for users that would normally not be allowed to access the node...
CVE-2025-22038
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero numsubauth before subauth is accessed Access psid-subauthpsid-numsubauth - 1 without checking if numsubauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure numsubauth !...
CVE-2025-22079
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. Add a check to prevent out-of-bounds access if ltreedepth has an invalid...
CVE-2025-22038 ksmbd: validate zero num_subauth before sub_auth is accessed
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero numsubauth before subauth is accessed Access psid-subauthpsid-numsubauth - 1 without checking if numsubauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure numsubauth !...
Cisco Content Security Management Appliance Access Authentication Error Vulnerability
Cisco Content Security Management Appliance SMA is a set of content security management equipment from Cisco Cisco. The appliance is mainly used to manage all policies, reports, audit information, etc. for e-mail and Web security devices. The Cisco Content Security Management Appliance has an...
Linux Distros Unpatched Vulnerability : CVE-2024-36893
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typecregisterpartner...
CVE-2022-49289 uaccess: fix integer overflow on access_ok()
In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on accessok Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns...
CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...
CVE-2025-22828
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...