121 matches found
Seagate NAS OS 4.3.15.1 - Server Information Disclosure
Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.getinfos. id: CVE-2018-12296 info: name: Seagate NAS OS 4.3.15.1 - Server Information...
BigAnt Server 5.6.06 - Improper Access Control
BigAnt Server 5.6.06 is susceptible to improper access control. The software utilizes weak password hashes. An attacker can craft a password hash and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-23348 info: name: BigAn...
CVE-2026-9580 JeecgBoot selectDepart LoginController.selectDepart access control
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...
EUVD-2021-0001
Malware in sbrugna...
EUVD-2024-3250
Malicious code in bioql PyPI...
Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...
CVE-2024-51734
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...
CVE-2023-41050
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...
CVE-2021-32807
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Improper Privilege Management
Zope and AccessControl are vulnerable to Improper Privilege Management. The vulnerability is due to anonymous users being able to delete user data in AccessControl.userfolder.UserFolder, potentially preventing privileged access. Users unable to upgrade can mitigate by adding data__roles__ = () to...
dcicsnovault (>=2.0.0b4 <=2.0.0b7), ethyca-fides (>=2.10.0 <=2.19.0rc8) +2 more potentially affected by CVE-2024-51734 via accesscontrol (>=4.4.0 <=6.0.0)
accesscontrol PYPI version =4.4.0, =2.0.0b4, =2.10.0, =4.6.3, =4.8.11 Source cves: CVE-2024-51734 Source advisory: OSV:GHSA-G5VW-3H65-2Q3V...
CVE-2024-51734
CVE-2024-51734 affects Zope AccessControl prior to version 7.2, where anonymous users can delete data in AccessControl.userfolder.UserFolder, potentially disrupting privileged access. The issue is fixed in 7.2; a workaround is to set data__roles__ = () on the UserFolder. No exploitation details a...
CVE-2024-51734 User data deletion by anonymous users in Zope
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...
GO-2022-1205 usememos/memos vulnerable to improper access control in github.com/usememos/memos
usememos/memos vulnerable to improper access control in github.com/usememos/memos...
CVE-2024-28805
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control...
CVE-2024-33547 WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability
Missing Authorization vulnerability in AA-Team WZone. This issue affects WZone: from n/a through 14.0.10...
CVE-2024-31267 WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce. This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2...