13 matches found
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows the installation folder to be customized. If the installation folder is changed to a non-default one, the folder may be left with insecure ACLs, and non-administrative users can alter the contents of that folder. It may allow a...
WordPress plugin Flights Hotels Booking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
Insecure Access Controls
github.com/argoproj/argo-cd uses insecure access controls. The Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-brute-force measures. An attacker is able to repeatedly perform authentication attempts to discover user credentials...
Insecure Access Controls
@curveball/a12n-server uses insecure access controls. An inadequate permissions check allows any authenticated user to perform unauthorized editing of other users' information...
Insecure Access Controls
Xen is vulnerable to denial of service. Unprivileged guest users are able to obtain and modify permissions, list and delete root nodes. This is due to permissions that are not properly enforced...
Privilege Escalation
odoo is vulnerable to privilege escalation. Insecure access controls allow remote authenticated users with access to contact management to modify user accounts, resulting in the attacker obtaining higher privileges...
Insecure Access Controls
awsencryptionsdkcli does not correctly enforce strict mode. The application operates in discovery mode even when strict mode is specified, allowing various operations within the package which would otherwise be restricted...
Insecure Access Controls
ibus uses insecure access controls. A local attacker is able to access the input bus of another user and perform keylogging...
Insecure Access Controls
nuget package manager uses insecure access controls. An authenticated attacker is able to tamper with and modify the contents of the intermediate build folder obj...
Insecure Access Controls
postgresql is vulnerable to insecure access controls. This is because the pgcatalog.pglogfilerotate function does not follow the same ACLs as pgroratelogfile. If the adminpack is added to a database, an attacker able to connect to it could use this flaw to force log rotation...
Insecure Access Controls
Sonatype Nexus Repository Manager uses insecure access controls. An unauthenticated user can craft requests in a way that can allow execution of arbitrary code and programs on the host system...
CVE-2016-2171
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...
WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible
SUMMARY: WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible. OVERVIEW: Rovio from WowWee does not adequately secure all accessible URLs or media streams, enabling an unauthorized user with network access to the robotic webcam platform the ability to listen to and view...