41 matches found
EUVD-2025-206791
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
MongoDB 6.0.x < 6.0.25 / 7.0.x < 7.0.21 / 8.0.x < 8.0.5 / 8.1.0-rc0 (SERVER-51366)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.25, 7.0 prior to 7.0.21, 8.0 prior to 8.0.5, and 8.1.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-51366 advisory. - The MongoDB Windows installation MSI may leave ACLs unset on custom...
EUVD-2001-0849
Malware in sbrugna...
EUVD-2007-4194
Malware in sbrugna...
EUVD-2015-7797
Malware in sbrugna...
EUVD-2014-1294
Malware in sbrugna...
EUVD-2008-4558
Malware in sbrugna...
EUVD-2024-43788
Malicious code in bioql PyPI...
EUVD-2023-56255
Malicious code in bioql PyPI...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2025-25040
A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the ...
CVE-2025-25040 Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches
A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the ...
CVE-2025-25040
CVE-2025-25040 affects HPE Aruba CX 9300 CX-9300 switches running AOS-CX. The issue is in port ACL enforcement on routed ports for egress traffic, allowing bypass of ACLs and potential unauthorized traffic flow. Affected: AOS-CX 10.14.xxxx (all patches) and 10.15.xxxx (10.15.1000 and below). Not ...
Important: Red Hat Security Advisory: ovn23.03 security update
An update for ovn23.03 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2024-50490
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through = 1.0.2...
CVE-2025-23042
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
PT-2024-8206 · Cisco · Cisco Nexus 3550-F Switches
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 3550-F Switches (affected versions not specified). Description: A vulnerability in the access control list (ACL) programming could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management...
CVE-2024-29213
Ivanti DSM version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector...
CVE-2021-34696
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a...
CVE-2020-10145
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability...