
492 matches found

ATTACKERKB
added 2026/05/22 12:43 a.m. | 4 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.7 | EPSS 0.00026
Exploits: 0 | References: 2

OSV
added 2026/04/04 9:30 p.m. | 0 views

GHSA-3QCM-PJ6Q-W4C5 Nodcms contains a cross-site request forgery vulnerability

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

CVSS 5.3 | AI score 5.7 | EPSS 0.00016
Exploits: 1 | References: 3

Cvelist
added 2026/04/04 7:59 p.m. | 17 views

CVE-2016-20054 Nodcms Cross Site Request Forgery via admin endpoints

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

CVSS 5.3 | EPSS 0.00016
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/04 7:59 p.m. | 2 views

CVE-2016-20054 Nodcms Cross Site Request Forgery via admin endpoints

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:4 p.m. | 4 views

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVSS 8.8 | AI score 7.2 | EPSS 0.00035
Exploits: 0 | References: 1

EUVD
added 2026/03/12 3:30 p.m. | 1 views

EUVD-2026-11577

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVSS 8.8 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 2

CVE
added 2026/03/12 3:9 p.m. | 7 views

CVE-2026-21668

Technical details about CVE-2026-21668 are not provided in the supplied documents. Monitor for updates from Veeam (KB4830) and related advisories for affected products, impact, and remediation.

CVSS 8.8 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/03/12 3:9 p.m. | 1 views

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVSS 8.8 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/27 12:0 a.m. | 3 views

PT-2026-22320

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

CVSS 6.5 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 7

NVD
added 2026/02/02 5:16 a.m. | 3 views

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVSS 9.8 | EPSS 0.00023
Exploits: 1 | References: 1

ATTACKERKB
added 2026/01/30 11:3 a.m. | 3 views

CVE-2026-22624

Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...

CVSS 4.3 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/01/09 8:57 a.m. | 5 views

CVE-2023-4420

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security TLS in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can...

CVSS 9.8 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 1

EUVD
added 2026/01/05 12:0 a.m. | 2 views

EUVD-2026-0815

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...

CVSS 7.5 | AI score 6.5 | EPSS 0.00959
Exploits: 3 | References: 3

CNNVD
added 2025/12/24 12:0 a.m. | 1 views

Microhard Systems IPn4G security vulnerability

Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0, which originates from the presence of a hidden function that can manipulate system processes, potentially resulting in a service interruption...

CVSS 8.1 | AI score 6.8 | EPSS 0.00053
Exploits: 2 | References: 3

CVE
added 2025/11/21 6:17 a.m. | 4 views

CVE-2025-58097

CVE-2025-58097 concerns LogStare Collector where the installation directory has incorrect access permissions. The issue allows a non-administrative user to manipulate files in the installation path and execution of arbitrary code with administrative privileges (local attack). The CVSS metrics ind...

CVSS 7.8 | AI score 7.4 | EPSS 0.00009
Exploits: 0 | References: 2 | Affected Software: 1

OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 4 views

Malicious code in teagood-lokika32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9a431e7eb6d4a156ef4113032a163af3da2ecccea7457f91f211545f861b2ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/11 8:46 p.m. | 2 views

MAL-2025-130961 Malicious code in vera-bakwan71-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f632249c87c617e6ab4271129fa059b45e9226a62b7bbc74392a0116553a057 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 8:46 p.m. | 2 views

Malicious code in udin-asinan48-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4487d23314eda574e70277231f6d755aa00f124dd07ce9813cf649d0fc434b63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 5:18 a.m. | 3 views

Malicious code in melodic_barnacle_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f125a08321a08e364ca05b2e2af18aed8544f329fff479750b4bc10bb8f1383a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

Cvelist
added 2025/10/14 9:15 a.m. | 3 views

CVE-2025-40773

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...

CVSS 5.1 | EPSS 0.0004
Exploits: 0 | References: 1