34 matches found
CVE-2026-34277
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the _GraphQLConfig and _Audience internal classes can be read, modified, and deleted via the generic /classes/_GraphQLConfig and /classes/_Audience REST API rout...
CVE-2026-21721
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...
CVE-2025-59021
Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...
PT-2025-54257
Name of the Vulnerable Software and Affected Versions: Akuvox Smart Intercom S539 affected versions not specified Description: The Akuvox Smart Intercom S539 has an issue with access control. Users with 'User' privileges can modify API access settings and configurations. This can allow attackers to...
CVE-2021-47722 Zucchetti Axess CLOKI Access Control 1.64 Cross-Site Request Forgery
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...
PT-2025-48661
Name of the Vulnerable Software and Affected Versions: Sprecher Automations SPRECON-E-C, Sprecher Automations SPRECON-E-P, Sprecher Automations SPRECON-E-T3 Description: The software is susceptible to unauthorized remote access due to the use of default cryptographic keys. An attacker can leverage...
CVE-2023-7322
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...
BIT-NIFI-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
A vulnerability in the Preferences component of the Oracle CRM customer relationship management module of the Oracle E-Business Suite technical foundation for automating business processes allows attackers to read, modify, and delete information.
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete access to information...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain access to read, modify, and delete information.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves security segmentation flaws. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete access to information...
The vulnerability of the PIA Core Technology component of the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain read, modify, and delete access to data.
The vulnerability of the PIA Core Technology component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete access to data...
The vulnerability of macOS operating systems, related to access control deficiencies, allows attackers to gain read and modify access to system files.
The vulnerability of macOS operating systems is related to a lack of access control. Exploiting this vulnerability can allow an attacker to gain read and modify access to system files...
The vulnerability of the software for Hitachi Energy’s equipment control and management systems, Hitachi Energy MicroSCADA X SYS600 and Pro SYS600, arises from incorrect restrictions on the path name to the restricted directory. This allows attackers to gain read, modify, and delete access to system files.
The vulnerability of the software for controlling and managing equipment in Hitachi Energy’s MicroSCADA X SYS600 and Pro SYS600 systems lies in improper restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read, modify...
The vulnerability of the Purchasing component in the Oracle PeopleSoft Enterprise SCM Purchasing application allows a hacker to gain read-only access to data or modify data.
The vulnerability of the Purchasing component in Oracle PeopleSoft Enterprise SCM Purchasing is related to incorrect authorization. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using HTTP requests...
The vulnerability of the Personalization component of the Oracle Applications Framework, a web application development platform, within the Oracle E-Business Suite, allows an intruder to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Personalization component of the Oracle Applications Framework, a platform for developing web applications in enterprise automation systems within the Oracle E-Business Suite, is related to improper authentication. Exploiting this vulnerability allows an attacker to gain...
The vulnerability of the AddGeneratedReport method in the SolarWinds Access Rights Manager (ARM) access control software allows a perpetrator to gain read, modify, or delete access to data.
The vulnerability of the AddGeneratedReport method in the SolarWinds Access Rights Manager ARM access control software is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete...
The vulnerability of the Jenkins automation server relates to the creation of temporary files with insecure permissions, allowing a malicious actor to gain read, modify, or delete access to these files.
The vulnerability of the Jenkins automation server relates to the creation of temporary files with insecure permissions. Exploiting this vulnerability can allow a remote attacker to gain read, modify, or delete access to these files...
PT-2024-18191 · Git +1 · Lunary +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to join an organization without permission by knowing the organization's ID, granting them the ability to read and modify a...
PT-2024-2825 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a cross-site request forgery. Exploitation of this issue may allow a remote attacker to modify access rights in the file manager. Recommendations: At the moment,...