14 matches found
CVE-2026-20186
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
PT-2026-24184
An unauthenticated remote attacker may use hardcoded credentials to get access to the previously activated FTP Server with limited read and write privileges...
BIT-NODE-2025-55132
A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-65900
Kalmia CMS 0.2.0 is affected by CVE-2025-65900 via the /kal-api/auth/users endpoint. The root cause is insufficient permission validation and excessive data exposure, enabling an authenticated user with basic read permissions to retrieve sensitive information for all platform users. A public PoC ...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the fact that a sharing recipient with read and share permissions could reshare the item...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...
PT-2023-3266 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.50 through 9.5.12; GLPI versions 10.0.0 through 10.0.6. Description: The issue is related to a SQL Injection vulnerability that allows users with access rights to statistics or reports to extract all data from the database and, ...
Dell PowerScale OneFS Log Information Disclosure Vulnerability
Dell PowerScale OneFS is the Dell operating system that provides scale-out NAS. Dell PowerScale OneFS is vulnerable to a log information disclosure vulnerability that could be exploited by a low-privilege attacker with read log privileges from the cluster to cause information...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
Jenkins Plugin ThreadFix Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is application software. An authorization issue...
16 HTTP Upload Tool (download.php) Information Disclosure Vulnerability
No description provided by source. Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the...
HTTP Upload Tool (download.php) Information Disclosure Vulnerability
Exploit for unknown platform in category web applications. HTTP Upload Tool download.php Information Disclosure Vulnerability. Target: HTTP Upload Tool For PHP 1...