CVE-2026-44314 Traccar: Missing edit authorization on device image upload allows read-only users to write files

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

EUVD-2017-11489

Malware in sbrugna...

EUVD-2017-11488

Malware in sbrugna...

Ubiquiti Inc.: SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch

Read only users could execute unauthorized tasks and through SNMP community string pages. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities were included in the EdgeMax EdgeSwitch firmware v1.9.1 For mor...

DEBIAN-CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVE-2017-2305

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation...

CVE-2017-2306

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device...