CVE-2025-55196
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
Exploit for Insufficiently Protected Credentials in Litespeedtech Litespeed_Cache
Poc LiteSpeed Cache CVE-2024-44000 Exploit CVE-2024-44000 is a...
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Daily Habit Tracker 1.0 Broken Access Control
Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on:...
CVE-2024-21815
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...
CVE-2023-7235
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...
Information Disclosure
oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control ACL restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...
abcparasail.com Improper Access Control vulnerability OBB-3791315
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-41812 Uploading executables via the file manager
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773...
Shopware's log module vulnerable to Improper Output Neutralization
Impact: The log module contains all kinds of sent mails. It is possible to see the password reset email of customers and admin users and probably gain more access. Patches: Update to the latest 6.4.18.1 version. Workarounds: For older versions of 6.1, 6.2, and 6.3, corresponding security measures ar...
Improper access control
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings...
CVE-2022-33962 BIG-IP iRule vulnerability CVE-2022-33962
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings...
CVE-2022-22472
IBM Spectrum Protect Plus Container Backup and Restore 10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session...
Exploit for CVE-2022-26726
CVE-2022-26726 Affected Versions As a student, I have limi...
Escalation Of Privilege
Apache HTTP Server 2.4 is vulnerable to escalation of privilege. The vulnerability exists because of a bug in mod_ssl that uses per-location client certificate verification, which allows a client to bypass configured access control restrictions...
USN-4483-1: Linux kernel vulnerabilities
Chuhong Yuan discovered that the go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Fan Yang discovered that the mremap...