41 matches found
EUVD-2025-205901
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service DoS condition. An authenticated...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
EUVD-2025-198074
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...
CVE-2025-20305
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...
EUVD-2016-7916
Malware in sbrugna...
CVE-2025-5468
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a local authenticated attacker to re...
CVE-2025-5468
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a local authenticated attacker to re...
Linux Distros Unpatched Vulnerability : CVE-2014-5020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-5911
CVE-2024-5911 affects Palo Alto Networks PAN-OS Panorama web interface via an arbitrary file upload vulnerability accessible to an authenticated read-write administrator. The issue can disrupt system processes and crash Panorama, with repeated attacks potentially forcing maintenance mode requirin...
CVE-2024-2433
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interfa...
CVE-2023-6791
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface...
CVE-2023-0008
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition...
SUSE CVE-2016-7031
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL...
CVE-2021-40123
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affecte...
USN-3452-1: Ceph vulnerabilities
It was discovered that Ceph incorrectly handled the handlecommand function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. CVE-2016-5009 Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacke...
USN-3452-1 ceph vulnerabilities
It was discovered that Ceph incorrectly handled the handlecommand function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. CVE-2016-5009 Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacke...
CVE-2017-5573
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators...
DEBIAN-CVE-2016-7031
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL...
CVE-2016-7031
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL...