6 matches found
EUVD-2026-24601
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...
CVE-2025-40805
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a...
CVE-2025-4477
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...
PT-2024-1009 · Cisco · Cisco Unity Connection
Name of the Vulnerable Software and Affected Versions: Cisco Unity Connection affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected syste...
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
Timergrp module denial of service vulnerability in multiple Huawei products
Huawei DP300, RP200, and TE30/40/50/60 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A denial-of-service vulnerability exists in the Timergrp module of multiple Huawei products due to the program's failure to adequately check parameters...