9 matches found
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2025-41760
An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered...
EUVD-2026-2817
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration...
GNU Privacy Guard 2.5.16
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
CVE-2025-58578
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...
EUVD-2025-32501
A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation...
The vulnerability of the universal monitoring system Zabbix, related to the distribution of resources without any restrictions or regulations, allows a intruder to trigger a service failure.
The vulnerability of the Zabbix universal monitoring system is related to the use of excessive resources without proper restrictions or controls. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
Koel 安全漏洞
Koel is a simple web-based personal audio streaming service written in Vue on the client side and Laravel on the server side. A security vulnerability exists in Koel versions prior to 5.1.4 that stems from no login restrictions, no password strength policy, and displaying whether a failed login...
Дырка в Tumbleweed Worldsecure (MMS)
При установке создается учетная запись пользователя с пустым паролем и без ограничения прав...