Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.6AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.11 views

EUVD-2026-34933

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.4AI score0.00151EPSS
Exploits0References4
NVD
NVD
added 2026/06/06 12:16 a.m.12 views

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS0.00151EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:50 p.m.9 views

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.4AI score0.00151EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/05 11:50 p.m.45 views

CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 11:50 p.m.9 views

CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.4AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 11:50 p.m.27 views

CVE-2026-34123

CVE-2026-34123 affects TP-Link Tapo C520WS devices. A logic flaw in the device API authorization allows a restricted account to bypass whitelist checks by abusing method mapping , enabling restricted operations to be executed. Reported impact includes device resets, unintended configuration chang...

7CVSS5.4AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2025/10/16 9:17 p.m.109 views

CVE-2025-62506

MinIO CVE-2025-62506 is a privilege-escalation issue in which a restricted service/STS account can create a new service account for itself due to a DenyOnly short-circuit in session-policy validation. Affected versions are prior to RELEASE.2025-10-15T17-29-55Z; the attacker may gain parent-level ...

8.1CVSS6.8AI score0.00523EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/10/16 9:17 p.m.3 views

CVE-2025-62506

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS7.3AI score0.00523EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.3 views

PT-2025-42551

Name of the Vulnerable Software and Affected Versions MinIO versions prior to RELEASE.2025-10-15T17-29-55Z Description MinIO, a high-performance object storage system, contains a privilege escalation vulnerability in its IAM Identity and Access Management policy validation logic. The flaw affects...

8.5CVSS6.7AI score0.00523EPSS
Exploits1References47
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-3010

Malware in sbrugna...

4CVSS6.4AI score0.01003EPSS
Exploits0References8
CNVD
CNVD
added 2020/10/21 12:0 a.m.2 views

Atlassian Jira Server & Data Center Information Disclosure Vulnerability

Atlassian Jira Server & Data Center is the data center version of JIRA from Atlassian Australia. The software is used in a wide range of work areas such as defect tracking, customer service, requirements gathering, process approvals, task tracking, project tracking and agile management. An...

4.3CVSS6.3AI score0.01287EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/26 12:0 a.m.2 views

Django 'session.flush()' Security Bypass Vulnerability

Django is an open source web application framework using the Python language . An error in the Django 'session.flush' function allows remote attackers to bypass security restrictions and gain access to restricted accounts...

5CVSS7.1AI score0.01748EPSS
Exploits0References1
NVD
NVD
added 2007/07/17 12:30 a.m.20 views

CVE-2007-3018

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...

4CVSS6.6AI score0.01003EPSS
Exploits0References7
CVE
CVE
added 2007/07/17 12:0 a.m.49 views

CVE-2007-3018

CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...

4CVSS6.6AI score0.01003EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder