CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002018 advisory. The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an...

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

EUVD-2014-4707

Malware in sbrugna...

EUVD-2009-0458

Malware in sbrugna...

EUVD-2011-2734

Malware in sbrugna...

EUVD-2011-4595

Malware in sbrugna...

EUVD-2014-4695

Malware in sbrugna...

CVE-2011-4677

One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...

SUSE CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

Design/Logic Flaw

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended...

CVE-2014-4788

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended...

CVE-2011-4677

Vulnerability : CVE-2011-4677 affects One Click Orgs prior to 1.2.3. Root cause : authentication fields lack the off autocomplete attribute, enabling credential exposure on unattended workstations. Impact : supports easier access by remote attackers as described in sources; exact exploit details,...