27 matches found
CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...
CVE-2016-10852
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85)...
EUVD-2007-5546
Malware in sbrugna...
EUVD-2016-1846
Malware in sbrugna...
EUVD-2021-1487
Malware in sbrugna...
EUVD-2009-0009
Malware in sbrugna...
EUVD-2005-1348
Malware in sbrugna...
EUVD-2024-1140
Malicious code in bioql PyPI...
EUVD-2022-4378
Malicious code in bioql PyPI...
CVE-2025-25040 Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches
A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects:
- AOS-CX 10.14.xxxx: All patches
- AOS-CX 10.15.xxxx: 10.15.1000 and below

The vulnerability is specific to traffic originated by the ...
PT-2024-30818 · Unknown · Memberpress
Name of the Vulnerable Software and Affected Versions: Memberpress versions 1.11.34 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.11.34 and earlier,...
PT-2024-30493 · Unknown · Plugin Notes Plus
Name of the Vulnerable Software and Affected Versions: Plugin Notes Plus versions 1.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For Plugin Notes Plus versions...
BIT-KAFKA-2024-27309
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two o...
Apache Kafka Denial of Denial Vulnerability
Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. Apache Kafka suffers from a denial-of-acceptance...
CVE-2024-27309
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have tw...
GHSA-WC8W-GH5M-62FV MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when aclhierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937...
MoinMoin Improper Access Control
macroGetval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. The issue has been fixed on 4a7de0173734...
CVE-2020-14196
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced...
Design/Logic Flaw
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85)...
CVE-2016-10852
cPanel versions prior to 11.54.0.4 are affected by a lack of ACL enforcement in the AppConfig subsystem (SEC-85). Red Hat and NVD references confirm the issue, affecting cPanel’s AppConfig handling; no explicit exploit details or fix version are provided in the connected documents. The reports de...