EUVD-2026-27323

An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...

CVE-2026-34408

An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...

CVE-2025-14273

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

CVE-2025-61678

CVE-2025-61678 affects FreePBX Endpoint Manager: an authenticated arbitrary file upload via the fwbrand parameter in FreePBX 16 prior to 16.0.92 and FreePBX 17 prior to 17.0.6. Successful exploitation by an authenticated user can upload files to attacker-controlled paths, potentially leading to r...

CVE-2022-30229

A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...

CVE-2021-37192

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage...

CVE-2021-37190

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user...

CVE-2021-37190

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user...

Information disclosure

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage...

CVE-2021-37190

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user...

Siemens SINEMA Remote Connect Server 信息泄露漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An information disclosure vulnerability exists in versions prior to Siemens SINEMA Remote Connect...

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

CVE-2018-19829

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/listausuarios, resulting in the ability to delete an arbitrary user when the ID number is known...