EUVD-2026-5677
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...
EUVD-2019-12038
Malware in sbrugna...
CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context (root), effectively authorizing itself...
CVE-2024-7457
The CVE-2024-7457 entry concerns ws.stash.app.mac.daemon.helper on macOS. The affected component is ws.stash.app.mac.daemon.helper, which improperly uses macOS AuthorizationCopyRights() with its own privileged context (root) instead of validating the client’s authorization reference. This allows ...
CVE-2025-40656 SQL injection vulnerability in DM Corporative CMS
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp...
CVE-2024-50628
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues...
IBM Aspera Faspex security vulnerability
IBM Aspera Faspex is an IBM (International Business Machines) solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12, which stems from improper protection of presumably immutable data and could...
CVE-2024-44314
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...
Digi ConnectPort security vulnerability
Digi ConnectPort is a server from Digital Networks Malaysia Digi Inc. It provides wireless communication. A security vulnerability exists in Digi ConnectPort versions prior to 1.4.12 that allows an attacker on a local area network (LAN) to achieve unauthorized...
CVE-2024-50628
CVE-2024-50628 affects Digi ConnectPort LTS web services prior to 1.4.12. The issue enables an attacker on the local network to perform unauthorized manipulation of resources, with potential remote code execution when combined with other issues. Affected product: Digi ConnectPort LTS (before 1.4....
PT-2024-34368 · Digi · Digi Connectport Lts
Name of the Vulnerable Software and Affected Versions: Digi ConnectPort LTS versions prior to 1.4.12 Description: An issue was discovered in the web services of Digi ConnectPort LTS, allowing an attacker on the local area network to achieve unauthorized manipulation of resources. This may lead to...
CVE-2024-51559
The CVE-2024-51559 entry applies to Wave 2.0 and is supported by connected documents that describe a vulnerability caused by improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this by manipulating API input parameters (e.g., user_id) to gain una...
CVE-2024-8309
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant securit...
CVE-2023-3290
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user customer in the system. This results in unauthorized data manipulation...
CVE-2023-3285 A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system including admin. This results in unauthorized data manipulation...