218466 matches found
CVE-2026-50101
creationtimestamp| type| source ---|---|--- 2026-06-11 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02...
CVE-2026-50099
creationtimestamp| type| source ---|---|--- 2026-06-11 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02...
CVE-2026-50244
creationtimestamp| type| source ---|---|--- 2026-06-11 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02...
MAL-2026-5584 Malicious code in justgetit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cluster Control CMON API - Directory Traversal
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. id: CVE-2024-41628 info: name: Cluster Control CMON API...
pyLoad Flask Config - Access Control
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77. id: CVE-2024-21644 info: name: pyLoad Flask Config ...
Adobe Connect < 12.1.5 - Local File Disclosure
Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...
DATAGERRY - REST API Auth Bypass
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. id: CVE-2024-46627 info: name: DATAGERRY - REST API Auth Bypass author: gy741 severity: critical description: | Incorrect access control in BECN DATAGERRY v2.2 allows attackers...
Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control
Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38817 info: name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control author: For3stCo1d...
TVT DVR Sensitive Device - Information Disclosure
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. id: CVE-2024-7339...
Zyxel ZyWall UAG/USG - Account Creation Access
Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks. id: CVE-2019-12583 info: name: Zyxel ZyWall UAG/USG - Account Creation...
Kerio Control v9.2.5 - CRLF Injection
Kerio Control, formerly known as Kerio WinRoute Firewall, has been found vulnerable to multiple HTTP Response Splitting vulnerabilities in product affecting versions 9.2.5 id: CVE-2024-52875 info: name: Kerio Control v9.2.5 - CRLF Injection author: ritikchaddha,iamnoooob,rootxharsh,pdresearch...
Lin CMS Spring Boot - Default JWT Token
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. id: CVE-2022-32430 info: name: Lin CMS Spring Boot - Default JWT Token author: DhiyaneshDK severity: high description: | An access control issue in Lin CM...
CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. id: CVE-2023-43177 info: name: CrushFTP 10.5.1 - Unauthenticated Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | CrushFTP prior...
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. id: CVE-2019-2578 info: name: Oracle Fusion...
Centos Web Panel 0.9.8.480 - Local File Inclusion
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...
JumpServer > 3.6.4 - Information Disclosure
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
DELMIA Apriso - Broken Access Control
DELMIA Apriso Release 2020 through Release 2025 contains a broken access control vulnerability caused by missing authorization, letting attackers gain privileged access to the application, exploit requires no special conditions. id: CVE-2025-6205 info: name: DELMIA Apriso - Broken Access Control...
Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control
Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....