408 matches found

Vulnrichment
added 2025/06/10 2:52 p.m., 9 views

CVE-2025-27505 GeoServer Missing Authorization on REST API Index

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

CVSS 5.3, AI score 5.5, EPSS 0.00827
Exploits: 0, References: 4

Citrix
added 2025/05/30 12:0 a.m., 6 views

NetScaler-13.1-EPA scan failed with "Error while parsing client security configuration"

EPA scan failed with "Error while parsing client security configuration" in EPA log. ---------------------------- 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | token: |^M 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | Policy MACADDRanyofF8BXXXXXX28A returned 2004 |^M...

AI score 7.2
Exploits: 0

Citrix
added 2025/05/30 12:0 a.m., 8 views

NetScaler-13.1-How to remove the "Server" header in the response with rewrite policy

How to remove the "Server" header in the response which exposes the server type information...

AI score 7
Exploits: 0

RedhatCVE
added 2025/05/23 10:43 a.m., 2 views

CVE-2024-42018

An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration...

CVSS 7.7, AI score 7.1, EPSS 0.00329
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 10:7 a.m., 9 views

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigg...

CVSS 4.9, AI score 6.9, EPSS 0.00157
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 5:31 a.m., 2 views

CVE-2023-46280

A vulnerability has been identified in Security Configuration Tool SCT All versions, SIMATIC Automation Tool All versions V5.0 SP2, SIMATIC BATCH V9.1 All versions V9.1 SP2 Upd5, SIMATIC NET PC Software V16 All versions V16 Update 8, SIMATIC NET PC Software V17 All versions, SIMATIC NET PC Softwa...

CVSS 8.2, AI score 6.5, EPSS 0.00049
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:36 a.m., 4 views

CVE-2023-35898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352...

CVSS 6.5, AI score 5.8, EPSS 0.00089
Exploits: 0

RedhatCVE
added 2025/05/23 3:45 a.m., 5 views

CVE-2023-31005

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767...

CVSS 7.8, AI score 6.5, EPSS 0.00028
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 1:56 a.m., 3 views

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security Exchange...

CVSS 9.8, AI score 7.3, EPSS 0.00213
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:13 p.m., 3 views

CVE-2022-1166

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...

CVSS 5.3, AI score 6.8, EPSS 0.00343
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 8:43 p.m., 1 views

CVE-2021-39992

There is an improper security permission configuration vulnerability on ACPU. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability...

CVSS 7.8, AI score 7.1, EPSS 0.00023
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:17 p.m., 4 views

CVE-2020-28047

AudimexEE before 14.1.1 is vulnerable to Reflected XSS Cross-Site-Scripting. If the recommended security configuration parameter "uniqueerrornumbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage...

CVSS 5.4, AI score 6.1, EPSS 0.00219
Exploits: 2

RedhatCVE
added 2025/05/22 11:26 a.m., 6 views

CVE-2013-5189

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the...

CVSS 5.8, AI score 6.5, EPSS 0.00255
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:10 a.m., 3 views

CVE-2019-20693

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4...

CVSS 5.4, AI score 7.1, EPSS 0.00061
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:4 a.m., 5 views

CVE-2018-21159

NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings...

CVSS 4.9, AI score 7.1, EPSS 0.00096
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:13 a.m., 5 views

CVE-2019-3653

Improper access control vulnerability in Configuration tool in McAfee Endpoint Security ENS Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool...

CVSS 5.5, AI score 6.9, EPSS 0.00049
Exploits: 0, References: 1

RedhatCVE
added 2025/05/08 3:16 p.m., 11 views

CVE-2025-2898

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control RBAC configurations...

CVSS 8.8, AI score 6.7, EPSS 0.00118
Exploits: 0, References: 1

OpenVAS
added 2025/05/07 12:0 a.m., 3 views

Disable the TCP Forwarding Function of SSH

Setting AllowTcpForwarding to no disables the SSH client from performing TCP port forwarding. TCP port forwarding is a function of transmitting data between a local host and a remote host through an SSH tunnel. By disabling this function, you can restrict the data transmission and access scope of...

AI score 6.8
Exploits: 0, References: 3

OpenVAS
added 2025/05/07 12:0 a.m., 4 views

Do Not Use auditctl to Set auditd Rules

auditd service rules can be configured using either rule files in the /etc/audit/rules.d/ directory applied after server restart or the auditctl command for immediate effect. The permission of the /etc/audit/rules.d/ directory is 750, while that of the auditctl command is 755. Therefore,...

AI score 7.2
Exploits: 0, References: 2

NVD
added 2025/05/06 3:16 p.m., 11 views

CVE-2025-2898

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control RBAC configurations...

CVSS 8.8, EPSS 0.00118
Exploits: 0, References: 2