1027 matches found
CVE-2026-15389 Inadequate access control in Sesame Time session management
A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...
CVE-2026-10706
In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...
GO-2026-5359 Grafana Tempo has Inadequate Encryption Strength in github.com/grafana/tempo
Grafana Tempo has Inadequate Encryption Strength in github.com/grafana/tempo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
CVE-2025-62340
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...
CVE-2025-62340
HCL iControl is affected by CVE-2025-62340 (Inadequate Session Timeout). The vulnerability is a failure of the web application to automatically terminate user sessions after a period of inactivity. According to the provided sources, the affected product is HCL iControl, with impact described as C...
PT-2026-50376
Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...
ROS-20260609-73-0020
The vulnerability of the Canvas2D component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient testing for unusual or exceptional states. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
CVE-2026-49000
An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...
CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...
CVE-2024-40684
CVE-2024-40684 affects IBM Operations Analytics – Log Analysis (versions 1.3.5.0–1.3.8.4). The root cause is weaknesses in backend authentication and session management that allow weak password policy enforcement by default, facilitating potential account compromise. Impact is described as a lack...
CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...
ZTE ZXUniPOS NDS-LTE 安全漏洞
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...
PT-2026-43321
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Inadequate content filtering within the checkAttribute methods leads to Cross-Site Scripting XSS, a condition where malicious scripts are injected into otherwise...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to insufficient enforcement of length and entropy requirements for the JWTSECRET configuration value. An attacker can gain unauthorized access to user accounts by forging authentication tokens using we...
Inadequate Encryption Strength
github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWTSECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...
The vulnerability of the WebAssembly component in the Firefox web browser and the Thunderbird email client, which allows a hacker to trigger a service failure
The vulnerability of the WebAssembly component in the Firefox web browser and the Thunderbird email client is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a remote attacker to cause service failures...
CVE-2026-5749
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...
[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
PT-2026-33925
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate authorization checks in the containerRequestHandler process. An attacker can gain unauthorized access to sensitive system information and trigger actions on systems they do not belong to b...