19 matches found
CVE-2026-41179
CVE-2026-41179 affects rclone before 1.73.5 where the RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. This allows an unauthenticated attacker to instantiate an attacker-controlled backend via rc.GetFs(...) and trigger WebDAV bearer_token_com...
EUVD-2026-25144
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution...
BIT-PARSE-2026-32594 Parse Server GraphQL WebSocket endpoint bypasses security middleware
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and...
CVE-2021-22382
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
Impact: OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. Patches: In OpenBao v2.2.2 and later, manually setting the configuration option disable_unauthed_rekey_endpoints=true...
VMware Tools Authorization Issue Vulnerability
VMware Tools is an enhancement tool that comes with VMware virtual machines, and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of virtual machines with the host computer. A security vulnerability...
CVE-2023-28697
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service...
CVE-2021-22382
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...
Design/Logic Flaw
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...
CVE-2021-22382
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...
Huawei LTE USB Dongle Security Vulnerability
Huawei LTE USB Dongle is a combination of hardware and software encryption product from Huawei China that plugs into the parallel port of the computer. It protects source code and algorithms from unauthorized use or against piracy threats. A security vulnerability exists in Huawei LTE USB Dongle,...
Improper access control
HUAWEI smartphones P30 with versions earlier than 10.0.0.185C00E85R1P11 have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful explo...
Huawei P30 Access Control Error Vulnerability (CNVD-2020-19934)
Huawei P30 is a smartphone from Chinese company Huawei. An access control error vulnerability exists in the Huawei P30, which stems from the system failing to properly access control some program interfaces. An attacker could exploit this vulnerability by tricking a user into installing a...
Foxit Reader XFA Button resolveNode Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the XFA Button resolveNode method, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a lack of authentication...
Schneider Electric ION Security Bypass Vulnerability
The Schneider Electric ION Power Meter is an electrical power meter. A security bypass vulnerability exists in the Schneider Electric ION Series. An attacker could exploit the vulnerability to perform unauthenticated operations by bypassing certain security mechanisms...
Libass Security Bypass Vulnerability
libass is a lightweight library of functions for rendering subtitles in ASS/SSA format. A security bypass vulnerability exists in Libass, which can be exploited by remote attackers to perform unauthenticated operations bypassing security mechanisms...
Kerio Control Memory Corruption Vulnerability
Kerio Control is a simple and fast unified threat management system. Memory corruption vulnerabilities in Kerio Control version 9.1.3 can be exploited by an attacker to execute arbitrary script code in the context of an affected site, steal cookie-based authentication, disclose sensitive...
Kerio Control Cross-Site Scripting Vulnerability
Kerio Control is a simple and fast unified threat management system. Cross-site scripting attack vulnerabilities in Kerio Control version 9.1.3 can be exploited by an attacker to execute arbitrary script code in the context of an affected site, steal cookie-based authentication, disclose sensitiv...
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-330 November 16, 2011 -- CVE ID: CVE-2011-4051 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C --...