WWBN AVideo Cryptographic Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the use of weak RSA keys and the lack of authentication at the endpoint, which could lead...
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Summary: Missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction information. Impact: This vulnerability allows an unauthenticated attack...
EUVD-2021-11297
Malware in sbrugna...
EUVD-2023-32147
Malicious code in bioql PyPI...
EUVD-2025-5928
Malicious code in bioql PyPI...
CVE-2025-27500
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint, /api/upload, on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27500 Cross Site Scripting potential in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint, /api/upload, on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-0159
IBM FlashSystem/Storage Virtualize RPCAdapter authentication bypass (CVE-2025-0159) affects multiple IBM Storage Virtualize builds (8.5.0.0–8.7.2.1) where a remote attacker can bypass RPCAdapter endpoint authentication by sending a crafted HTTP request. The issue is tied to the RPCAdapter service...
CVE-2024-11481
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...
CVE-2024-21877 Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a URL parameter in Enphase IQ Gateway, formerly known as Envoy, allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and 8.2.4225...
Linux kernel security vulnerabilities
The Linux kernel is the kernel of Linux, the open source operating system maintained by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not enabling proper endpoint authentication...
CVE-2024-37152
Argo CD exposes sensitive settings via /api/v1/settings without authentication, enabling unauthenticated access to items such as passwordPattern. The issue is fixed in versions 2.11.3, 2.10.12, and 2.9.17. Affected product: Argo CD (Kubernetes GitOps tool). Root cause described across sources as ...
Cisco IP Phone Security Vulnerability
Cisco IP Phone is a hardware IP phone from the American company Cisco, Inc. that provides calling capabilities. A security vulnerability exists in Cisco IP Phone that stems from a lack of authentication for a specific endpoint, which could allow an unauthenticated remote attacker to...
CVE-2023-39422
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. These tokens are, however, exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless...
Time-of-check To Time-of-Use (TOCTOU)
go.etcd.io/etcd/v3 is vulnerable to time-of-check to time-of-use. The vulnerability exists because the startGateway function of gateway.go does not properly handle gateway endpoint validations, allowing an attacker to bypass the authentication mechanism...
GHSA-H8G9-6GVH-5MRC etcd vulnerable to TOCTOU of gateway endpoint authentication
Vulnerability type: Authentication. Workarounds: Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation. Detail: The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates th...
Hybrid-Work Drives Hardware Security Strategies
Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted security strategies to better secure an evolving attack surface changed significantly by COVID. To address new challenges, hardware-assisted security is viewed as an effective and...
Apache Hadoop web endpoint privilege escalation vulnerability
Apache Hadoop is a set of open source distributed systems infrastructure from the U.S. Apache Software Foundation. The product is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, high fault tolerance and so on. Apache Hado...
CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...
Microsoft .NET Framework Authentication Bypass Vulnerability (CVE-2013-1337) (MS13-040)
BUGTRAQ ID: 59790 CVE(CAN) ID: CVE-2013-1337 .NET is Microsoft's technology for implementing XML, Web Services, SOA (service-oriented architecture) and agility. .NET Framework is a software framework developed by Microsoft that runs mainly on Microsoft Windows. When custom WCF endpoint authentication is configured, Microsoft .NET Framework...