9 matches found
EUVD-2025-198650
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2025-27602
CVE-2025-27602 affects Umbraco CMS backoffice functionality. Authentication against the backoffice API could allow a user with Editor permissions to access or delete content and media in folders they should not reach, via manipulation of API URLs. The issue is described as a permissions/authentic...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
PT-2024-5197 · Cisco · Cisco Webex App
Name of the Vulnerable Software and Affected Versions: Cisco Webex App affected versions not specified Description: A vulnerability in the media retrieval functionality could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This issue is due to insecure...
Authentication bypass vulnerability in navidrome's subsonic endpoint
Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed with the key "not so secret". The vulnerability can only be exploited o...