Lucene search

6 matches found

KoreLogic Security
added 2025/07/28 12:0 a.m., 7 views

Xorux XorMon-NG Web Application Privilege Escalation to Administrator

Vulnerability Details: Affected Vendor: Xorux; Affected Product: XorMon-NG; Affected Version: 1.8 and prior; Platform: Debian; CWE Classification: CWE-648: Incorrect Use of Privileged APIs; CVE ID: CVE-2025-54765. 2. Vulnerability Description: An API endpoint that should be limited to web application...

CVSS 5.3, AI score 6.4, EPSS 0.00505
Exploits: 2, Affected Software: 1
KoreLogic Security
added 2025/07/28 12:0 a.m., 4 views

Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Vulnerability Details: Affected Vendor: Xorux; Affected Product: XorMon-NG; Affected Version: 1.8 and prior; Platform: Debian; CWE Classification: CWE-648: Incorrect Use of Privileged APIs; CVE ID: CVE-2025-54766. 2. Vulnerability Description: An API endpoint that should be limited to web application...

CVSS 5.3, AI score 6.3, EPSS 0.00434
Exploits: 2, Affected Software: 1
ICS
added 2024/02/13 12:0 a.m., 22 views

Siemens Unicam FX

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8, AI score 8, EPSS 0.00047
Exploits: 0, References: 12
OwnCloud
added 2020/02/28 12:0 a.m., 15 views

Access to all file-versions of a user - ownCloud security advisory

Platform: ownCloud Server; Versions: 10.3.0; Date: 2/28/2020; Risk: Medium; CVSS v3 Base Score: 6.8; CVSS v3 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N; CWE ID: 648; CWE Name: Incorrect Use of Privileged APIs...

CVSS 6.8, AI score 3.6
Exploits: 0
Prion
added 2019/07/24 2:15 p.m., 8 views

Design/Logic Flaw

Fred MODX Revolution 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is:...

CVSS 7.5, AI score 9.6, EPSS 0.02373
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/07/24 1:50 p.m., 126 views

CVE-2019-1010178

CVE-2019-1010178 affects MODX Revolution ≤ 1.0.0-beta4/β5 via the Fred add-on (assets/components/fred/web/elfinder/connector.php). The root cause is Incorrect Access Control (CWE-648), enabling Remote Code Execution. The attack vector involves uploading a PHP file or altering data in the database...

CVSS 9.8, AI score 9.6, EPSS 0.02373
Exploits: 1, References: 1, Affected Software: 1