70 matches found
CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35083 Stack buffer overflow in method bac-deviceobject
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root...
CVE-2026-35083 Stack buffer overflow in method bac-deviceobject
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root...
CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35076 Arbitrary file delete vulnerability in method bac-scanresult
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
EUVD-2026-34072
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35076 Arbitrary file delete vulnerability in method bac-scanresult
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35076
CVE-2026-35076 describes an arbitrary local file delete vulnerability in the bac-scanresult method caused by insufficient validation of user-controlled input. The issue allows a remote attacker with user privileges to delete arbitrary local files. The provided metrics indicate a high-severity imp...
MBS多款产品 安全漏洞
MBS Single-A and other models are a series of industrial communication gateways developed by the German company MBS. The MBS Universal Gateways have a security vulnerability; this vulnerability stems from the insufficient validation of user-controlled inputs in the bac-scanresult method, which...
PT-2026-45917
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files. This is caused by insufficient validation of...
EUVD-2016-5482
Malware in sbrugna...
MAL-2025-9805 Malicious code in @zalastax/nolb-_bac (npm)
The package @zalastax/nolb-bac was found to contain malicious code...
recherche-collection-search.bac-lac.gc.ca Cross Site Scripting vulnerability OBB-3178473
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Exploit for Improper Access Control in Webmin
golang-webmin-CVE-2022-0824-revshell RCE in Webmin target ur...
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both for...
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles PoC Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both f...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...
CVE-2021-39127
Vulnerability: Atlassian Jira Server/Data Center exposes a Broken Access Control (BAC) vulnerability in the JQL query endpoint. Affected versions:
CVE-2021-39127
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability BAC vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1...