408 matches found
CVE-2025-62650
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...
Fortinet FortiPAM OS Command Injection Vulnerability (CNVD-2025-24146)
FortiPAM is Fortinet's privileged access management solution for centralized management of sensitive enterprise credentials. A security vulnerability exists in Fortinet FortiPAM that stems from an insufficiently strong authentication mechanism. An attacker could exploit the vulnerability to execu...
Security Updates for Microsoft Exchange Server (October 2025)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the October, 2025 security bulletin. - Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate...
CVE-2025-61779
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...
EUVD-2019-8744
Malware in sbrugna...
EUVD-2018-2429
Malware in sbrugna...
EUVD-2019-8026
Malware in sbrugna...
EUVD-2023-43674
Malicious code in bioql PyPI...
EUVD-2022-26192
Malicious code in bioql PyPI...
EUVD-2022-53191
Malicious code in bioql PyPI...
Flowise has unsandboxed remote code execution via Custom MCP
Summary The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, the default installation of...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...
CVE-2025-40743
CVE-2025-40743 affects multiple Siemens SINUMERIK controllers (828D PPU.4, 828D PPU.5, 840D sl, MC, MC V1.15, ONE, ONE V6.15) with VNC access authentication that does not validate passwords sufficiently. This could enable unauthorized remote access to affected systems and potentially impact confi...
PT-2025-32796
Name of the Vulnerable Software and Affected Versions Windows Installer versions affected versions not specified Description A weak authentication issue in Windows Installer allows an authorized attacker to elevate privileges locally. The vulnerability is related to an authentication bypass. A...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to access and modify data.
The vulnerability of the Cisco Identity Services Engine ISE’s web management interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access and modify data by sending a specially crafted HTTP request...
The vulnerability of the Single Sign-On component in macOS operating systems allows a perpetrator to gain unauthorized access to confidential data.
The vulnerability of the Single Sign-On component in macOS operating systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential data...
The vulnerability of the SetDDNSSettings() function (/HNAP1/) of the DDNS Service component of the D-Link DIR-823G router’s software, which allows a hacker to circumvent security restrictions.
The vulnerability of the SetDDNSSettings function /HNAP1/ of the DDNS Service component of the D-Link DIR-823G router’s software stack is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a...
The vulnerability of the configuration of the Version Control System (VCS) of the Continuous Integration and Delivery Application Framework (CI/CD) tool JetBrains TeamCity allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the TeamCity VCS configuration in continuous integration and delivery systems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process, which allows unauthorized users to gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...