22 matches found
Versa Concerto Actuator Endpoint - Authentication Bypass
An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...
CVE-2025-31982
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
CVE-2026-20995
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...
EUVD-2026-12307
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...
CVE-2026-20995
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...
CVE-2026-20995
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...
PT-2026-25600
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...
EUVD-2018-1959
Malware in sbrugna...
EUVD-2025-19627
Malicious code in bioql PyPI...
PT-2025-32568
Name of the Vulnerable Software and Affected Versions: ABB Aspect affected versions not specified Description: A missing authentication issue exists for a critical function in ABB Aspect. This allows unauthorized access to sensitive functionality. Recommendations: At the moment, there is no...
Authentication Bypass
silverstripe/framework is vulnerable Authentication Bypass. This vulnerability is due to a lack of permission check to the DatabaseAdmin of function init on the buildDefaults method of the DevelopmentAdmin class, allows unauthorized users to access sensitive functionality...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38290
CVE-2023-38290 affects BLU View 2 and Sharp Rouvo V Android devices due to a vulnerable pre-installed com.evenwell.fqc app. The issue: inadequate access control lets local third-party apps execute arbitrary shell commands in the app’s system context without special permissions, enabling actions s...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38294
The CVE-2023-38294 issue affects Itel Vision 3 Turbo devices with a pre-installed vulnerable app com.transsion.autotest.factory (versionCode 7, versionName 1.8.0(220310_1027)). The root cause is inadequate access control in this component, enabling local third‑party apps to execute arbitrary shel...
PT-2023-24649 · WordPress · Malinky Ajax Pagination/Infinite Scroll
Name of the Vulnerable Software and Affected Versions: Malinky Ajax Pagination and Infinite Scroll plugin versions = 2.0.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...
PT-2023-26652 · Unknown · Gugoan Economizzer
Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1 gugoan Economizzer commit 3730880 April 2023 Description: The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a...
Remote Code Execution
@keystone-6/core is vulnerable to remote code execution. The use of NODEENV not in dependencies triggers the security-sensitive functionality in a production build, which makes it vulnerable to NODEENV being inlined to development for user code...
@keystone-6/core's NODE_ENV defaults to development with esbuild
Impact @keystone-6/[email protected] || 3.0.1 users that use NODEENV in their own code not dependencies to trigger security-sensitive functionality in a production build are vulnerable to NODEENV being inlined to "development" for user code. If your dependencies use NODEENV to trigger particular...