
6148 matches found

EUVD
added 2026/02/25 6:31 p.m. | 5 views

EUVD-2026-8675

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

10 CVSS | 5.8 AI score | 0.48158 EPSS
Exploits 9 | References 3
Cvelist
added 2026/02/25 6:25 p.m. | 19 views

CVE-2026-25220 OpenEMR Messages "Show All" Not Restricted to Admins

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...

7.1 CVSS | 0.0026 EPSS
Exploits 1 | References 2
EUVD
added 2026/02/25 6:25 p.m. | 4 views

EUVD-2026-8705

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...

7.1 CVSS | 5.5 AI score | 0.0026 EPSS
Exploits 1 | References 2
Vulnrichment
added 2026/02/25 6:25 p.m. | 4 views

CVE-2026-25220 OpenEMR Messages "Show All" Not Restricted to Admins

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...

7.1 CVSS | 5.9 AI score | 0.0026 EPSS
Exploits 1 | References 2
CVE
added 2026/02/25 6:25 p.m. | 10 views

CVE-2026-25220

The CVE describes an access control flaw in OpenEMR prior to version 8.0.0 where the Message Center accepts the URL parameter show_all=yes and passes it to getPnotesByUser() without verifying admin rights. A non-admin, authenticated user could view the entire internal messages list by requesting ...

7.1 CVSS | 5.5 AI score | 0.0026 EPSS
Exploits 1 | References 2 | Affected Software 1
RedhatCVE
added 2026/02/25 4:16 p.m. | 3 views

CVE-2026-27507

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...

9.8 CVSS | 5.4 AI score | 0.00365 EPSS
Exploits 1 | References 1
CVE
added 2026/02/25 4:14 p.m. | 289 views

CVE-2026-20127

CVE-2026-20127 concerns a vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). The flaw allows an unauthenticated, remote attacker to bypass authentication and obtain administrative pr...

10 CVSS | 8.5 AI score | 0.48158 EPSS
In wild | Exploits 9 | References 2 | Affected Software 3
Vulnrichment
added 2026/02/25 4:14 p.m. | 5 views

CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication a...

10 CVSS | 8.5 AI score | 0.48158 EPSS
Exploits 9 | References 1
EUVD
added 2026/02/25 3:31 p.m. | 5 views

EUVD-2026-8637

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6 CVSS | 5.5 AI score | 0.00175 EPSS
Exploits 0 | References 2
CVE
added 2026/02/25 3:21 p.m. | 18 views

CVE-2025-1242

CVE-2025-1242 affects Gardyn Home Kit via Gardyn IoT Hub. Root cause: hard-coded administrative credential iothubowner exposed across multiple vectors (API responses, mobile app, and device firmware), enabling unauthenticated full admin access to the hub and connected devices. Connected documents...

9.3 CVSS | 5.4 AI score | 0.00438 EPSS
Exploits 2 | References 3
NVD
added 2026/02/25 1:16 p.m. | 5 views

CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6 CVSS | 0.00175 EPSS
Exploits 0 | References 1
OSV
added 2026/02/25 1:16 p.m. | 3 views

CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | References 1
UbuntuCve
added 2026/02/25 1:16 p.m. | 2 views

CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | References 2
OSV
added 2026/02/25 1:16 p.m. | 3 views

UBUNTU-CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/02/25 12:35 p.m. | 2 views

CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/02/25 12:35 p.m. | 16 views

CVE-2026-21725

CVE-2026-21725 describes a TOCTOU issue in Grafana data sources where a recently deleted-then-recreated datasource can be re-deleted by an attacker. Conditions include admin access before first deletion, a 30-second window on the same pod, the attacker deleting the datasource, a recreate by anoth...

2.6 CVSS | 5.5 AI score | 0.00175 EPSS
Exploits 0 | References 1 | Affected Software 1
AlpineLinux
added 2026/02/25 12:35 p.m. | 3 views

CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6 CVSS | 5.5 AI score | 0.00175 EPSS
Exploits 0 | References 1
EUVD
added 2026/02/25 3:41 a.m. | 3 views

EUVD-2026-8611

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(userid + createdat + APPKEY). This token is static (never expires/rotates), and if an attacker obtains...

9.8 CVSS | 5.7 AI score | 0.02121 EPSS
Exploits 4 | References 3
Positive Technologies
added 2026/02/25 12:0 a.m. | 4 views

PT-2026-21901

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A time-of-create-to-time-of-use (TOCTOU) issue allows re-deletion of recently deleted and recreated data sources without authorization. The attack requires specific conditions: admin access to...

8.1 CVSS | 6 AI score | 0.00433 EPSS
Exploits 1 | References 97
CNNVD
added 2026/02/25 12:0 a.m. | 6 views

VMware Aria Operations Security Vulnerability

VMware Aria Operations is a unified, AI-driven automated IT operations management platform provided by the American company VMware. It is suitable for private cloud, hybrid cloud, and multi-cloud environments. There is a security vulnerability in VMware Aria Operations, which stems from permissio...

7.2 CVSS | 7.5 AI score | 0.00686 EPSS
Exploits 0 | References 2