38 matches found
Broadcom CleanWipe Removal Tool Security Vulnerability
The Broadcom CleanWipe Removal Tool is an enterprise-level security software uninstallation tool developed by Broadcom Corporation. Versions of the Broadcom CleanWipe Removal Tool prior to version 16.0.0.65 contained security vulnerabilities. These vulnerabilities could allow attackers with limit...
CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
Subnet Solutions PowerSYSTEM Center Security Vulnerability
Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center. This vulnerability stems from insufficient permission restrictions on the REST API endpoints exported by device accounts. As a...
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
Users could trigger a crash of mongod primaries during promotion to sharded
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
PT-2026-29047
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.2.2; MongoDB Server versions 8.0.18 through 8.0.18; MongoDB Server versions 7.0.31 through 7.0.31. Description: A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...
Information Disclosure
Keycloak is vulnerable to sensitive Information Disclosure. The vulnerability is due to insufficient enforcement of User Profile visibility controls in the Admin API, where a limited-privilege administrator can access sensitive custom user attributes via the /unmanagedAttributes endpoint, bypassi...
PT-2026-1876
Name of the Vulnerable Software and Affected Versions: TIM BPM Suite / TIM FLOW versions through 9.1.2. Description: The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...
FreeBSD : MongoDB -- Missing Authorization (eda92945-ced4-11f0-a958-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eda92945-ced4-11f0-a958-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-103582 reports: A user with access to the cluster with a limited...
CVE-2025-13643 MongoDB Server may allow queries to be terminated by unauthorized users
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions...
EUVD-2025-34553
The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmpuser role granting all users with the managebmp capability by default upon registration through the plugin's form. This makes it possible for...
CVE-2025-3719
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
Summary: A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. Impact: An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing...
EUVD-2025-27682
Malicious code in bioql PyPI...
EUVD-2024-46781
Malicious code in bioql PyPI...
CVE-2025-1501
The CVE-2025-1501 vulnerability affects Nozomi Networks Guardian/CMC prior to v25.1.0, where improper access controls in the Request Trace and Download Trace features allow an authenticated user with limited privileges to request and download trace files, potentially exposing unauthorized network...
CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0
An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download...
PT-2025-34753 · Cmc · Cmc
Name of the Vulnerable Software and Affected Versions: CMC versions prior to 25.1.0 Description: An access control issue was identified in the Request Trace and Download Trace functionalities. Improper access restrictions allow authenticated users with limited privileges to request and download...