6 matches found
Incorrect Authorization
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...
EUVD-2026-37894
A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-tim...
CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...
CVE-2026-33650
Summary: WWBN AVideo (≤26.0) allows a user with the Videos Moderator permission to perform full video management, including ownership transfer and deletion, despite the permission only enabling publicity changes. Root cause: Permissions::canModerateVideos() is used as the authorization gate for f...
OpenClaw DM pairing-store identities could satisfy group allowlist authorization
Summary DM pairing-store identities were incorrectly eligible for group allowlist authorization checks, enabling cross-context authorization in group message paths. Details In affected versions, group allowlist evaluation could inherit identities from the DM pairing store. A sender approved via D...
CVE-2025-14987
CVE-2025-14987 : Temporal server has an Incorrect Authorization flaw when system.enableCrossNamespaceCommands is enabled (default on). The frontend validates RespondWorkflowTaskCompleted for the outer namespace, but the history service executes commands using the namespace embedded in command att...