CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the IdentityBrokerService.performLogin endpoint allowing authentication with disabled identity providers, potentially leading to bypass of access...

Hallo Welt! BlueSpice 安全漏洞

Hello Welt! BlueSpice is a corporate knowledge base management software developed by the German company Hallo Welt!. There is a security vulnerability in BlueSpice, which stems from improper permission allocation for files and directories that are accessible from outside, as well as critical...

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVE-2024-7005

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...

CVE-2024-7004

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...

CVE-2024-7005

CVE-2024-7005 concerns Google Chrome/Chromium where insufficient validation of untrusted input in Safe Browsing allowed a remote attacker to bypass discretionary access control by convincing a user to perform specific UI gestures with a malicious file. The vulnerability affects Chrome/Chromium pr...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2023-46319

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface...

CVE-2023-46319

CVE-2023-46319 affects WALLIX Bastion, specifically versions 9.x prior to 9.0.9 and 10.x prior to 10.0.5. The issue is an access-control bypass in the network access administration web interface that allows unauthenticated access to sensitive information. Affected software is WALLIX Bastion; vuln...

CVE-2023-22488 Missing authorization in Flarum

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

CVE-2022-33925

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information...

Improper access control

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information...

PT-2022-13453 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.2.39 Description: The issue allows an attacker to brute force the master key for a download, generated using the uniqid php function, with reasonable resources. This gives direct download...

Improper access control

The public API error causes for the attacker to be able to bypass API access control...

CVE-2021-30605

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls...

ROS-2-800

2.800 Vulnerabilities in Squid Proxy Server 1. Vulnerability description: Problems are present in the code processing the "@" block at the beginning of a URL "user@host" and allow bypassing access restriction rules, poisoning cache contents and performing a cross-site scripting attack.Identifier...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...