16 matches found
PT-2026-37308
Name of the Vulnerable Software and Affected Versions: YetAnotherForum.NET (YAF.NET) versions prior to 4.0.5 Description: An authorization bypass exists because the PageSecurityCheckAttribute is implemented as a ResultFilterAttribute, which executes after the page handler completes. Consequently, any...
Oracle Access Manager (January 2026 CPU)
The 12.2.1.4.0 and 14.1.2.1.0 versions of Access Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Webserver Plugin Intel C++...
EUVD-2022-27276
Malicious code in bioql PyPI...
CVE-2022-22127
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau...
Tableau Server Broken Access Control (CVE-2022-22127)
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau...
CVE-2022-22127
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau...
CVE-2022-22127
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau...
CVE-2022-22127
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau...
CVE-2022-22127
Tableau Server (Local Identity Store) is affected by a broken access control vulnerability (CVE-2022-22127). A malicious site administrator can change passwords for users across different sites hosted on the same Tableau Server, enabling unauthorized access to data. Affected versions include 2020...
PT-2022-15263 · Tableau · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions 2020.4.16 through 2021.4.4 and earlier Description: A broken access control issue is present in Tableau Server, affecting customers who use Local Identity Store for user management. This issue allows a malicious site...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability exists due to an improper conditional check in the handleAliasUpdate function in identity_store_aliases.go, allowing an authenticated attacker with specific write permissions to gain elevated privileges to perform...
CVE-2021-37153
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...
Authentication flaw
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...
CVE-2021-37153
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...
ForgeRock Access Management Authorization Issue Vulnerability
ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable a superior experience tailored to the unique needs of users and employees. versions, an authorization issue vulnerability exists that stems from an authentication bypass issue when...
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the...