46 matches found
EUVD-2026-33839
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...
CVE-2026-21785
CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...
CVE-2026-8381
A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...
GHSA-F2HX-5FX3-HMCV Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants
A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...
CVE-2026-28719
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28719
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28709
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28719
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28719
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28709
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
PT-2026-23583
Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 17 Linux, Windows versions prior to build 41186 Description The software is susceptible to unauthorized resource manipulation due to inadequate authorization checks. This allows for potential compromise of system resource...
CVE-2022-31609
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure...
EUVD-2019-6768
Malware in sbrugna...
EUVD-2021-6553
Malicious code in bioql PyPI...
EUVD-2023-55079
Malicious code in bioql PyPI...
EUVD-2024-0007
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-31609
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin, where it allows the guest VM to allocate resources for which the guest is...
CVE-2025-1139
CVE-2025-1139 affects IBM Edge Application Manager 4.5. A local user can read or modify resources due to incorrect permission assignment. Root cause: improper/incorrect permission provisioning. Impact: unauthorized access to resources on the device. Mitigation: upgrade to patched IBM Edge Applica...
CVE-2024-29007
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or...
CVE-2024-25120
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records although only if a valid link-handling...