784 matches found
CVE-2026-53833
OpenClaw before 2026.4.29 contains an authorization bypass in the QQBot streaming command that lets authenticated senders mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside the intended admin policy by accessing the affected co...
CVE-2026-20210
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
CVE-2026-44408
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...
CVE-2026-41953
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40631
An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-44408 Unauthorized access vulnerability in ZTE MU5250
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...
CVE-2026-44408 Unauthorized access vulnerability in ZTE MU5250
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...
MLflow 访问控制错误漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Version 3.9.0 of MLFlow contains a security vulnerability related to access control. This...
ZTE MU5250 信息泄露漏洞
The ZTE MU5250 is a 5G mobile Wi-Fi device produced by ZTE Corporation. The ZTE MU5250 has a vulnerability related to information leakage, which stems from improper control of web interface permissions. Unauthorized attackers can modify the configuration through these interfaces...
CVE-2026-20210
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
EUVD-2026-30326
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
CVE-2026-20210
CVE-2026-20210 affects Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). A vulnerability arises from failure to redact sensitive information in device configurations and templates. An authenticated, remote attacker with read-only permissions can escalate to a high-privileged user, potentia...
CVE-2026-20210 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...
SiYuan 授权问题漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for 8 API endpoints, which could lead to...
CVE-2026-0240
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...
CVE-2026-0240
Mode C: CVE-2026-0240 affects Trust Protection Foundation. It describes an information disclosure vulnerability where an authenticated attacker can access sensitive data from the server vault, potentially impersonate any user and arbitrarily modify configuration settings. The available references...
CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-32643
CVE-2026-32643 affects BIG-IP and BIG-IQ. An authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Impact includes execution of system commands, file creation/deletion, and potential Appliance mode restrictions by...
K000160975: BIG-IP privilege escalation vulnerability CVE-2026-41953
Security Advisory Description A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. CVE-2026-41953 Impact This vulnerability may allow a highly...