41 matches found
Progress ShareFile Storage Zones Controller - Authentication Bypass
Customer Managed ShareFile Storage Zones Controller SZC contains an authentication bypass Execution After Redirect that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. id: CVE-2026-2699 inf...
CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...
CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...
CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...
CVE-2026-2699
CVE-2026-2699 affects Progress ShareFile Storage Zones Controller (SZC). An unauthenticated attacker can bypass authentication to access restricted configuration pages (notably via the Admin.aspx path), enabling changes to system configuration and potentially enabling remote code execution. The i...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...
EUVD-2024-53760
Malicious code in bioql PyPI...
EUVD-2025-25036
Malicious code in bioql PyPI...
EUVD-2025-20697
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-12094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or...
CVE-2025-8361
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...
CVE-2025-8361
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...
CVE-2025-8361
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...
CVE-2025-8361 Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...
CVE-2025-8361
CVE-2025-8361 is a Missing Authorization vulnerability affecting Drupal Config Pages (plugin) prior to 2.18.0, leading to forced browsing of config pages. Affected component: Drupal Config Pages module (versions 0.0.0 through 2.17.9). Root cause: lack of proper authorization checks in config-page...
CVE-2025-8361 Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...
Drupal Config Pages 安全漏洞
Drupal Config Pages is a configuration page plugin for the Drupal community. A security vulnerability exists in Drupal Config Pages versions prior to 2.18.0, which stems from a lack of authorization and could lead to forced browsing...
PT-2025-33498 · Drupal · Drupal Config Pages
Name of the Vulnerable Software and Affected Versions: Drupal Config Pages versions 0.0.0 through 2.17.9 Description: Missing authorization allows forceful browsing of Config Pages. Recommendations: Update to version 2.18.0 or later...
Drupal Config Pages module < 2.18.0 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Config Pages versions 2.18.0...
Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
This module enables you to access an edit page for a config page. The module doesn't sufficiently check the access permissions hookENTITYTYPEaccess wasn't taken into account. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "edit ID config page" an...