Unauthorized Session Creation via Reserved Framework Path Access

An authentication bypass vulnerability exists in Vaadin applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without a trailing slash bypasses security filters, allowing unauthenticated users to trigger framework...

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

CVE-2020-7531

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user...

EUVD-2020-28698

Malware in sbrugna...

EUVD-2019-16362

Malware in sbrugna...

EUVD-2019-15219

Malware in sbrugna...

EUVD-2018-19559

Malware in sbrugna...

EUVD-2020-28672

Malware in sbrugna...

EUVD-2023-43101

Malicious code in bioql PyPI...

CVE-2025-46391

CWE-284: Improper Access Control...

CVE-2024-32124

An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request...

CVE-2018-7847

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus...

CVE-2019-6810

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module all firmware versions, which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol...

CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-30203 DESCRIPTION: GNU Emacs could provide weaker than expected security,...

CVE-2025-27190

Summary (CVE-2025-27190) : Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and grant unauthorized access. The issue, exploitable without user interactio...

Security Bulletin: TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE

Summary TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: A...

Security Bulletin: IBM Data Product Hub is vulnerable with IBM Semeru Runtime Quarterly CPU - Jul 2024 (CVE-2024-21131, CVE-2024-21144)

Summary IBM Data Product Hub has a dependency on IBM Semeru Runtime which is vulnerable CVE-2024-21131, CVE-2024-21144. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: IBM Sterling File Gateway myfg 2.0 has Access Control Vulnerabilities (CVE-2024-22316 CVE-2023-47159)

Summary IBM Sterling File Gateway myfg 2.0 has Access Control Vulnerabilities. Vulnerability Details CVEID:CVE-2024-22316 DESCRIPTION: IBM Sterling File Gateway could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. CWE:CWE-284:...

Security Bulletin: IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.(CVE-2024-21147)

Summary IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java ...