15 matches found

EUVD
added 2026/04/21 5:26 p.m. | 0 views

EUVD-2026-24029

OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate...

CVSS: 2 | AI score: 5.7 | EPSS: 0.00021
Exploits: 0 | References: 5

EUVD
added 2026/04/20 6:31 p.m. | 1 view

EUVD-2025-209534

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/20 12:0 a.m. | 1 view

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 1

CVE
added 2026/04/20 12:0 a.m. | 5 views

CVE-2025-66954

The CVE-2025-66954 entry concerns Buffalo LinkStation v1.85-0.01 where unauthenticated or guest users can enumerate valid usernames and their privilege roles by modifying a parameter in requests to /nasapi. This is the concrete vulnerability described across the CVE and EUVD records; no exploitat...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 1

Cvelist
added 2026/04/15 3:17 p.m. | 22 views

CVE-2026-20205 Sensitive Information Disclosure in '_internal' index in Splunk MCP Server app

In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users' session and authorization tokens in clear text. The vulnerability would require either local access to the log...

CVSS: 7.2 | EPSS: 0.00056
Exploits: 0 | References: 1

OSV
added 2026/03/10 9:53 p.m. | 0 views

CVE-2026-31834 Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...

CVSS: 7.2 | AI score: 5.7 | EPSS: 0.00057
Exploits: 0 | References: 3

Cvelist
added 2026/03/10 9:53 p.m. | 22 views

CVE-2026-31834 Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...

CVSS: 7.2 | EPSS: 0.00057
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/26 9:4 a.m. | 1 view

CVE-2025-10871 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

CVSS: 3.8 | AI score: 6.5 | EPSS: 0.0002
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:0 p.m. | 6 views

CVE-2018-20402

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00485
Exploits: 0 | References: 1

NVD
added 2025/05/07 10:15 p.m. | 19 views

CVE-2025-46265

On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS: 8.8 | EPSS: 0.00381
Exploits: 0 | References: 1

F5 Networks
added 2025/05/07 12:48 p.m. | 7 views

K000139503: F5OS vulnerability CVE-2025-46265

Security Advisory Description: On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. (CVE-2025-46265) Impact: This vulnerability may allow a remote, authenticated attacker to be unexpectedly...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00381
Exploits: 0 | Affected Software: 2

Github Security Blog
added 2021/07/26 9:19 p.m. | 83 views

Argo CD Insecure default administrative password

In Argo CD versions 1.8.0 and prior, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00429
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2018/12/23 9:29 p.m. | 1 view

CVE-2018-20402

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00485
Exploits: 0 | References: 1

Cvelist
added 2018/12/23 9:0 p.m. | 7 views

CVE-2018-20402

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the...

AI score: 8.8 | EPSS: 0.00485
Exploits: 0 | References: 1

Tenable Nessus
added 2018/11/02 12:0 a.m. | 24 views

F5 Networks BIG-IP : BIG-IP tmsh vulnerability (K01067037)

When BIG-IP is licensed for Appliance mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance mode restrictions to overwrite critical system files. (CVE-2018-15321) Attackers with a high-privilege level can overwrite critical system files, which in turn bypasses security controls...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00188
Exploits: 0 | References: 2