11 matches found
CVE-2026-10721
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...
CVE-2026-10721
Concrete CMS
CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...
EUVD-2026-35994
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...
PT-2026-48390
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...
FreeBSD : Mozilla -- spoofing (1e8a6581-ab7b-11f0-b961-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1e8a6581-ab7b-11f0-b961-b42e991fc52e advisory. [email protected] reports: Spoofing issue in the Site Permission component Tenable has extracted the...
EUVD-2025-8236
Malicious code in bioql PyPI...
CVE-2025-2499
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...
CVE-2024-12196
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...
CVE-2024-12196
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...
The vulnerability of the Qualcomm Permission component in the Android operating system allows a violator to compromise the privacy, integrity, and accessibility of protected information.
The vulnerability of the Qualcomm Permission component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...