Authentication Bypass

s3-proxy is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent URL path interpretation between the authentication middleware and bucket handler, which allows an attacker to bypass access controls and perform unauthorized operations on protected S3 objects...

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Version 3.10.4 of vm2 contains security vulnerabilities. Attackers can exploit these vulnerabilities to obtain host process objects...

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

EUVD-2025-34794

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

EUVD-2019-7051

Malware in sbrugna...

EUVD-2017-16806

Malware in sbrugna...

CVE-2025-42936

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...

CVE-2025-2746

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-12880)

Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from an information disclosure vulnerability. The vulnerability stems from Microsoft Edge failing to properly handle objects in memory. An attacker could exploit the vulnerability to obtain information that could further compromis...

CVE-2003-0935

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed...