49 matches found
PT-2025-50116
Name of the Vulnerable Software and Affected Versions: FortiPortal versions 7.4.0 through 7.4.5. Description: An incorrect authorization issue exists in FortiPortal. An authenticated attacker may be able to reboot a shared FortiGate device by sending specially crafted HTTP requests. The issue is...
EUVD-2020-20695
Malware in sbrugna...
EUVD-2019-16392
Malware in sbrugna...
EUVD-2023-29500
Malicious code in bioql PyPI...
EUVD-2023-29499
Malicious code in bioql PyPI...
EUVD-2023-26746
Malicious code in bioql PyPI...
CVE-2023-22610
A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port...
CVE-2019-6838
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a user with low privilege...
CVE-2024-45125 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this...
CVE-2024-45125
Adobe Commerce (Magento Open Source) CVE-2024-45125 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Incorrect Authorization vulnerability that can bypass security features. The issue allows a low-privilege attacker to impact integrity with a low severity (CVSS 3.1:...
CVE-2023-36556
An incorrect authorization vulnerability (CWE-863) in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests...
CVE-2023-36556
Summary of CVE-2023-36556 (Fortinet FortiMail webmail): An incorrect authorization vulnerability (CWE-863) affects FortiMail webmail, with impact described as login to other users’ accounts within the same web domain via crafted HTTP/HTTPS requests. Affected versions are FortiMail webmail 7.2.0–7...
CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs: ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels...
Hitachi Energy’s MicroSCADA Pro/X SYS600 Products
1. EXECUTIVE SUMMARY: CVSS v3 6.7. ATTENTION: Public exploits are available. Vendor: Hitachi Energy. Equipment: MicroSCADA Pro/X SYS600 Products. Vulnerabilities: Permissions, Privileges, and Access Controls. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...
CVE-2023-25547
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...