CVE-2025-2898 IBM Maximo Application Suite privilege escalation
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations...
CVE-2025-2898
IBM Maximo Application Suite 9.0 contains an elevation-of-privilege vulnerability arising from misconfigured Role-Based Access Control (RBAC) permissions. The issue affects the Location Service for Esri component (9.0) and can be exploited by an attacker with some level of access to...
GHSA-RC42-6C7J-7H5R Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: you use Spring Security; EndpointRequest.to has been used in a Spri...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the EndpointRequest.to function, which creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Note: This is only exploitable if all o...
CVE-2025-32929 WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4...
Milestone XProtect security vulnerability
Milestone XProtect is video management software from Milestone. A security vulnerability exists in Milestone XProtect versions 2024 R1 through 2024 R2. It originates from the system configuration password being reset during the upgrade process, which could lead to a security configuration...
PT-2025-14210 · Atomchat · Atomchat
Name of the Vulnerable Software and Affected Versions: AtomChat versions 1.1.6 and earlier Description: The issue is related to Missing Authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For AtomChat versions 1.1.6 and earlier, update t...
Security Bulletin: IBM Maximo Asset Management is vulnerable to authentication bypass (CVE-2022-40616)
Summary IBM Maximo Asset Management is vulnerable to authentication bypass. Vulnerability Details CVEID: CVE-2022-40616 DESCRIPTION: IBM Maximo Asset Management could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. CVSS Base...
yimioa security vulnerability
yimioa (CloudNet OA) is locally deployed OA software from an individual developer ("rabbit"). A security vulnerability exists in versions prior to yimioa v2024.07.04. It stems from improper access control in the WebSecurityConfig component and allows an unauthorized attacker to arbitrarily change the...
CVE-2024-12917 Improper Access Control in Agito Computer's Health4All
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This issue affects Health4All: before 10.01.2025...
CVE-2025-27098
GraphQL Mesh exposes a path traversal vulnerability in its staticFiles handler. When serve.staticFiles is configured, the code path does not reliably constrain absolutePath to the staticFiles directory, allowing access to files outside the intended directory. Affects GraphQL Mesh and related CLI/...
CVE-2025-1341 PMWeb Setting weak password
A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-22698
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through 4.18...
CVE-2021-44680
An issue 4 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
CVE-2021-44682
An issue 6 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
CVE-2021-44677
An issue 1 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
CVE-2021-44678
An issue 2 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
ROS-20250130-01
A Linux kernel vulnerability linked to security configuration errors. Exploitation of the vulnerability could allow an attacker to bypass the secure boot mechanism and escalate privileges...
CVE-2024-55920 Cross-Site Request Forgery in Dashboard Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...