25 matches found
CVE-2026-0977
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...
CVE-2020-7293
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface...
CVE-2025-36093
CVE-2025-36093 affects IBM Cloud Pak for Business Automation 25.0.0, 24.0.1, and 24.0.0. An improper access-control design could allow an attacker to access unauthorized content or perform unauthorized actions via man-in-the-middle techniques. This is supported by multiple connected sources ident...
CVE-2025-49906
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPComplete: from n/a through = 2.9.5.3...
EUVD-2025-12728
Malicious code in bioql PyPI...
EUVD-2024-49022
Malicious code in bioql PyPI...
EUVD-2024-16888
Malicious code in bioql PyPI...
EUVD-2025-16976
Malicious code in bioql PyPI...
EUVD-2023-59404
Malicious code in bioql PyPI...
EUVD-2025-12727
Malicious code in bioql PyPI...
EUVD-2023-44942
Malicious code in bioql PyPI...
WordPress Alone Code Injection Vulnerability
WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls. No details of the vulnerability are provided at this time...
CVE-2025-5428
A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2024-22316
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls...
PT-2025-16553 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical vulnerability was found in the TOTOLINK A3700R, affecting the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access...
PT-2025-15035 · Unknown · Xujiangfei Admintwo
Name of the Vulnerable Software and Affected Versions: xujiangfei admintwo version 1.0 Description: A critical issue affects some unknown functionality of the file /user/updateSet, where the manipulation of the email argument leads to improper access controls. This issue can be exploited remotely...
CVE-2025-2993
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit...
CVE-2025-2218
A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The...
EmbedAI Access Control Error Vulnerability
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. An access control error vulnerability exists in EmbedAI version 2.1 and prior versions that stems from improper access control...
CVE-2025-0783 pankajindevops scale API Endpoint access control
A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use...