15 matches found
CVE-2026-34123
On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
EUVD-2026-34933
On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
CVE-2026-34123
On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
CVE-2026-34123
On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS
On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS
On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
CVE-2026-34123
CVE-2026-34123 affects TP-Link Tapo C520WS devices. A logic flaw in the device API authorization allows a restricted account to bypass whitelist checks by abusing method mapping , enabling restricted operations to be executed. Reported impact includes device resets, unintended configuration chang...
CVE-2025-62506
MinIO CVE-2025-62506 is a privilege-escalation issue in which a restricted service/STS account can create a new service account for itself due to a DenyOnly short-circuit in session-policy validation. Affected versions are prior to RELEASE.2025-10-15T17-29-55Z; the attacker may gain parent-level ...
CVE-2025-62506
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...
PT-2025-42551
Name of the Vulnerable Software and Affected Versions MinIO versions prior to RELEASE.2025-10-15T17-29-55Z Description MinIO, a high-performance object storage system, contains a privilege escalation vulnerability in its IAM Identity and Access Management policy validation logic. The flaw affects...
EUVD-2007-3010
Malware in sbrugna...
Atlassian Jira Server & Data Center Information Disclosure Vulnerability
Atlassian Jira Server & Data Center is the data center version of JIRA from Atlassian Australia. The software is used in a wide range of work areas such as defect tracking, customer service, requirements gathering, process approvals, task tracking, project tracking and agile management. An...
Django 'session.flush()' Security Bypass Vulnerability
Django is an open source web application framework using the Python language . An error in the Django 'session.flush' function allows remote attackers to bypass security restrictions and gain access to restricted accounts...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
CVE-2007-3018
CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...