15 matches found
GHSA-CM54-PFMC-XRWX Gitea mishandles authorization for deletion of releases
Gitea before 1.25.2 mishandles authorization for deletion of releases...
EUVD-2025-205406
Gitea before 1.25.2 mishandles authorization for deletion of releases...
CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
EUVD-2016-3947
Malware in sbrugna...
CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
CVE-2025-32408
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...
PT-2025-17433 · Unknown · Soffid Console
Name of the Vulnerable Software and Affected Versions: Soffid Console versions 3.5.38 through 3.5.38; Soffid Console versions 3.6.31 through 3.6.31. Description: The issue is related to the mishandling of authorization to use the pam service in Soffid Console. Additionally, necessary checks were no...
CVE-2022-42978
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system...
CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled...
CVE-2022-24306
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
CVE-2017-7588
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW...
CVE-2017-7588
Summary of CVE-2017-7588 (Brother devices): A flaw in web authentication on numerous Brother models (MFC/J-series, DCP, HL, ADS, etc.) where a valid AuthCookie cookie from a failed login response is echoed back, enabling an attacker to bypass login without correct credentials. Affected models in...
CVE-2016-2874
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors...