18 matches found
Netgear-WN604 downloadFile.php - Information Disclosure
There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...
CVE-2025-59887
CVE-2025-59887 affects Eaton UPS Companion software installer. The issue is improper authentication of library files within the installer, which could allow an attacker with access to the software package to execute arbitrary code on the target system. Eaton indicates the vulnerability has been f...
CVE-2025-59887
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2025-59889
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...
ConnectWise Automate Agent Security Vulnerability
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...
CVE-2025-59889
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...
EUVD-2025-34139
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package...
EUVD-2018-9663
Malware in sbrugna...
EUVD-2025-12507
Malicious code in bioql PyPI...
Authelia's Group Changes may not have the expected results (YAML file backend)
Impact: Under very specific conditions, changes to a user's groups may not have the expected results. The specific conditions are: The file authentication backend is being used. The watch option is set to true. The refreshinterval is configured to a non-disabled value. The user's groups are adjusted ...
LeptonCMS Arbitrary File Upload Vulnerability
LeptonCMS is a content management system (CMS) for the Lepton Project. An arbitrary file upload vulnerability exists in LeptonCMS version v7.0.0, which stems from the application's lack of effective authentication of uploaded files. An authenticated attacker can exploit this vulnerability to execut...
CVE-2023-7226 meetyoucrop big-whale Admin Module all.api improper ownership management
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be...
IBM Security Verify Governance Code Issue Vulnerability
IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM) that provides organizations with a platform to analyze, define and control user access and access risk. A code issue vulnerability exists in IBM Security Verify Governance version...
CVE-2021-36294
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user...
Authentication flaw
AVE DOMINAplus =1.10.x suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful...
Multiple Adobe Product Security Feature Bypass Vulnerabilities
Adobe Acrobat and others are products of Adobe, a company based in the United States. Adobe Acrobat is a set of PDF file editing and conversion tools. Reader is PDF document reading software. Adobe Acrobat Reader is a PDF viewer. Several Adobe products have security vulnerabilities...
ownCloud: SMB User Authentication Bypass and Persistence
Authentication Bypass: The external user authentication app in ownCloud does not properly authenticate against an SMB server. In its current implementation, the file owncloud/apps/userexternal/lib/smb.php, line 46-47 uses the command smbclient -L //host/dummy -Uuser%pass, where...
Vuln. in all sites using PHP-Nuke, versions less than 3
Greetings, PHP-Nuke is a Web Portal System, storytelling software also an automated web site to distribute news and articles with users system. Exploit: The problem is when somebody does a http://example.com/admin.php3?admin=whatever, can have full access as an admin, that means posting...