15 matches found
MAL-2026-1090 Malicious code in isb (PyPI)
Source: kam193 93750cbddba7897fde1d31836971e11082ad2076012c7caf708980de45827840 Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...
CVE-2018-25149
CVE-2018-25149 affects Microhard Systems IPn4G 1.1.0. The vulnerability is a cross-site request forgery (CSRF) in the device’s web interface that allows an attacker to induce administrative actions without user consent by tricking an authenticated user into loading a malicious page. Documented im...
EUVD-2024-49411
Malicious code in bioql PyPI...
Cisco Identity Services Engine Authorization Issues Vulnerability (CNVD-2025-15609)
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. Cisco Identity Services Engine Cisco ISE...
CVE-2025-20264 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms fo...
CVE-2025-48784
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization...
CVE-2025-48784 Soar Cloud HRD Human Resource Management System - Missing Authorization
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization...
CVE-2025-48784
CVE-2025-48784 affects Soar Cloud HRD Human Resource Management System prior to version 7.3.2025.0408. The vulnerability is a missing authorization issue that allows remote attackers to modify system settings without prior authorization. Public references (NVD, Red Hat, PTSecurity, CVE lists) con...
PT-2025-24066
Name of the Vulnerable Software and Affected Versions: Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408. Description: A missing authorization issue allows remote attackers to modify system settings without prior authorization. Recommendations: For versions prior to...
CVE-2024-0439 User can manually send request at manager permission to modify system configurations
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request...
CVE-2023-35140
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...
CVE-2022-20214
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183411210...
AUO Solar Data Recorder Cross Site Scripting
Exploit Title: AUO Solar Data Recorder - Stored XSS Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
CVE-2017-14473
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...
Design/Logic Flaw
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...