32 matches found
EUVD-2026-30790
DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001477)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001477 advisory. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Tenable has extracted the precedin...
EUVD-2023-29539
Malicious code in bioql PyPI...
CVE-2025-52575 EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements
EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...
CVE-2022-48289
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2024-36132
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources...
CVE-2022-33162 IBM Directory Server buffer overflow
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force I...
Authentication flaw
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to...
Roxy WI v6.1.0.0 - Improper Authentication Control Vulnerability
Exploit Title: Roxy WI v6.1.0.0 - Improper Authentication Control Date of found: 21 July 2022 Application: Roxy WI = v6.1.0.0 Author: Nuri Çilengir Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Advisory:...
Roxy WI 6.1.0.0 Improper Authentication Control
Exploit Title: Roxy WI v6.1.0.0 - Improper Authentication Control Date of found: 21 July 2022 Application: Roxy WI = v6.1.0.0 Author: Nuri Çilengir Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Advisory:...
Privilege escalation allows user with read access only to edit admin portal and take actions
Overview of the Vulnerability Authentication and session management controls can be bypassed in a variety of ways including, calling an internal post-authentication page, modifying the given URL parameters, by manipulating the form, or by counterfeiting sessions. The authentication method for thi...
Security Bulletin: Access Security Control Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20375)
Summary IBM Sterling File Gateway has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-20375 DESCRIPTION: IBM Sterling File Gateway could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. CVSS Base score...
CVE-2020-24503
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access...
Cisco Web Security Appliance Unauthorized Device Reset Vulnerability
According to its self-reported version, Cisco Web Security Appliance (WSA) is affected by the following vulnerability: - A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an...
CVE-2019-1660 Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability
A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the...
CVE-2018-0119
CVE-2018-0119 describes an information-disclosure flaw in Cisco Spark’s account-service authentication controls. The issue stems from the improper display of user-account tokens, which could let an authenticated remote attacker log in with a token from another account and interact with or view re...
CVE-2017-3142
A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. Mitigation The effects of this...
Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...
simple-image-manipulator <= 1.0 - Remote File Download
Plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining file location. PoC $ curl...