268 matches found
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002647)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002647 advisory. The preparevmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02 control...
CVE-2021-33217
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...
CVE-2023-31403
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...
CVE-2025-0836
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API...
CVE-2025-0836
CVE-2025-0836 – Milestone XProtect VMS is described as a Missing Authorization vulnerability where users with read-only access to the Management Server can obtain full read/write access to the MIP Webhooks API. The issue is documented across multiple feeds (NVD, Red Hat, ENISA EUVD, CVE and vendo...
Milestone Systems XProtect VMS 安全漏洞
Milestone Systems XProtect VMS is a video management software from Milestone Systems, USA. A security vulnerability exists in Milestone Systems XProtect VMS that stems from an authorization gap that could result in a read-only user gaining full read and write access to the MIP Webhooks API...
CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
CVE-2025-40830
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...
CVE-2025-59980
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
EUVD-2025-33387
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
CVE-2025-59980
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
CVE-2025-59980
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
CVE-2025-59980 Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
CVE-2025-59980
Summary of CVE-2025-59980 : Juniper Networks Junos OS FTP server contains an authentication bypass. When the FTP server is enabled and a user named “ftp” or “anonymous” exists, an unauthenticated attacker can log in without a password and gain read/write access to the user’s home directory. Affec...
CVE-2025-59980 Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
PT-2025-41416
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S8 Juniper Networks Junos OS versions 23.2 through 23.2R2-S3 Juniper Networks Junos OS versions 23.4 through 23.4R2 Description An authentication bypass exists in the FTP server of Juniper...
EUVD-2025-31868
EUVD-2025-31868...
MLFlow server is exposed to data exfiltration and destruction due to lack of Origin validation
The MLFlow REST server is vulnerable to DNS rebinding attacks, allowing malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. Once rebinding is successful, the attacker can: Query for experiments via the 2.0/mlflow/experiments/search...
EUVD-2001-0203
Malware in sbrugna...