6 matches found
CVE-2026-5146
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : Devolutions Server 2026.1.6.0 through...
CVE-2026-5146
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : Devolutions Server 2026.1.6.0 through...
CVE-2026-5146
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : Devolutions Server 2026.1.6.0 through...
PT-2026-40335
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : Devolutions Server 2026.1.6.0 through...
CVE-2025-5095
Burk Technology ARC Solo is affected by CVE-2025-5095: the device’s password-change endpoint accepts requests without valid credentials due to missing authentication/session validation, enabling an attacker to take control of the device. Reports note high-impact outcomes (full compromise risk) wi...
CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...