PT-2026-35721

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

EUVD-2025-15849

Malicious code in bioql PyPI...

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from a security vulnerability that could be exploited by an attack...

ZOHO ManageEngine Log360 授权问题漏洞

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory? A security vulnerability...

Zoho ManageEngine Access Manager Plus 授权问题漏洞

ZOHO Zoho ManageEngine Access Manager Plus is a privileged session management solution from ZOHO for enterprises to centralize, secure, and manage remote access to privileged sessions.A security vulnerability exists in versions of Zoho ManageEngine Access Manager Plus prior to 4203. The...

CVE-2019-10253

A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

CVE-2016-4860

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a 1 stop application program, 2 change value, or 3 modify application command...

CVE-2016-4860

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a 1 stop application program, 2 change value, or 3 modify application command...

CVE-2014-2130

Cisco Secure Access Control Server ACS provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka...