CVE-2026-34261 Missing Authorization check in SAP Business Analytics and SAP Content Management

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVE-2025-59366

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware...

EUVD-2025-199586

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware...

CVE-2025-59366

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware...

CVE-2025-59366

The CVE-2025-59366 issue affects AiCloud, with a critical authentication bypass caused by an unintended side effect of Samba functionality. PT-2025-48017 lists affected AiCloud versions prior to 3.0.0.4 386/388/0.6 102 and describes the vulnerability as allowing execution of specific router funct...

PT-2025-48017

Name of the Vulnerable Software and Affected Versions AiCloud versions prior to 3.0.0.4 386/388/0.6 102 Description An authentication bypass issue exists in AiCloud due to an unintended side effect of the Samba functionality. This allows execution of specific functions without proper authorizatio...

ASUS Router 安全漏洞

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...

VulnCheck KEV: CVE-2025-2492

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

EUVD-2020-23291

Malware in sbrugna...

ASUS AiCloud 安全漏洞

AiCloud is a cloud service from ASUS, designed to provide easy access to the data inside the router's back-up devices such as USBs or PCs, as well as uploading, downloading, playing music online, browsing documents online, sharing links to Facebook, and setting up Smart Sync to synchronize with t...

QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS version 5.1.8.282...

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

The vulnerability of UEFI (BIOS) in Huawei personal computers allows a hacker to gain unauthorized access to arbitrary functions.

The vulnerability of UEFI BIOS in Huawei personal computers is related to improper control of access to the SMI handler interface. Exploiting this vulnerability can allow an attacker to gain unauthorized access to arbitrary functions...

JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...

The minter can steal the Frankencoin in notifyLoss()

Lines of code Vulnerability details Impact The minter can steal the Frankencoin in notifyLoss because of In this code: if reserveLeft = amount transferaddressreserve, msg.sender, amount; The minter can call the function notifyLoss Constantly. When reserveLeft = amount, the minter who call the fir...

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

Design/Logic Flaw

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...

CVE-2020-12404

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS 26...

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web ParameterIt has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...