CVE-2025-41097
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access basic employee details using unauthorised internal identifiers...
Bold Workplanner Security Vulnerability
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access functional contract details using an unauthorized...
CVE-2025-31971
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack, enabling unauthorized network calls from the system and potentially exposing internal services or sensitive information...
PT-2025-34455 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An intent redirection issue in Reolink allows unauthorized attackers to access internal functions or non-public components. Recommendations: At the moment, there is no information about a newer...
Server-Side Request Forgery (SSRF)
Crawl4AI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation and insufficient sanitization of user-controlled URLs in /crawl4ai/asyncdispatcher.py, allowing unauthorized internal network access...
CVE-2025-23369
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This...
PT-2025-6749 · Wazuh · Wazuh Siem
Name of the Vulnerable Software and Affected Versions: Wazuh SIEM version 4.8.2 Description: This issue is related to a broken access control vulnerability, allowing the unauthorized creation of internal users without assigning any existing user role. This could potentially lead to privilege...
CVE-2024-10824
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which...
PT-2022-19700 · Jamf · Jamf Private Access
Name of the Vulnerable Software and Affected Versions: Jamf Private Access versions prior to 2022-05-16 Description: The issue is related to Incorrect Access Control, allowing an unauthorized user to reach a system in the internal infrastructure. Recommendations: For Jamf Private Access versions...
D-Link DAP-1620 Path Traversal Vulnerability
A path traversal vulnerability exists in the D-Link DAP-1620, a wireless repeater/extender from D-Link (Taiwan, China). The path traversal enables local file inclusion, leading to unauthorized internal file reads of /etc/passwd and /etc/shadow. No detail...
CVE-2017-12351
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...