31 matches found
CVE-2021-28095
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32...
EUVD-2018-1909
Malware in sbrugna...
EUVD-2020-28670
Malware in sbrugna...
EUVD-2018-1215
Malware in sbrugna...
EUVD-2020-24500
Malware in sbrugna...
EUVD-2023-38528
Malicious code in bioql PyPI...
EUVD-2021-6537
Malicious code in bioql PyPI...
EUVD-2022-49472
Malicious code in bioql PyPI...
EUVD-2022-41363
Malicious code in bioql PyPI...
EUVD-2025-6691
Malicious code in bioql PyPI...
LG Innotek Camera Model LNV5110R
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
CVE-2025-7699
The CVE-2025-7699 issue affects ADM’s EZ Sync Manager. A lack of authorization checks on the HTTP file parameter allows authenticated users to copy arbitrary server files into their EZSync folder, potentially exposing sensitive data. Affected: ADM 4.1.0–4.3.3.RH61 and ADM 5.0.0.RIN1 and earlier. ...
PT-2025-26350 · WordPress · Wp Customer Area
Name of the Vulnerable Software and Affected Versions: WP Customer Area versions 8.2.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP Customer Area...
PT-2025-24580 · Amd · Amd Versal Adaptive Soc
Name of the Vulnerable Software and Affected Versions: AMD Versal Adaptive SoC devices affected versions not specified Description: The issue arises from the lack of address validation when executing PLM runtime services through the PLM firmware, allowing access to isolated or protected memory...
PT-2025-24215 · Mario Peshev · Wp-Crm System
Name of the Vulnerable Software and Affected Versions: Mario Peshev WP-CRM System versions 3.4.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that...
PT-2025-22900 · Tcman · Tcman'S Gim
Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: A missing authorization vulnerability in TCMAN's GIM allows an authenticated attacker to access any functionality of the application, even when they are not available through the user interface. To exploit...
CVE-2023-46601
A vulnerability has been identified in COMOS All versions. The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to...
CVE-2021-1071
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead...
PT-2025-31822 · 'Электронная Медицина' · Элмед Мис
The vulnerability in the ЭЛМЕД МИС unified medical information system platform is related to flaws in the access control mechanism. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information and compromise its confidentiality,...
CVE-2025-24315
CVE-2025-24315 concerns Growatt Cloud Applications. Several connected sources (CNVD-2025-14962, CNNVD-202504-2316, RH: Red Hat, CVE lists) describe an unauthenticated bystander vulnerability where an attacker can add devices of other users to scenes (or arbitrary scenes) in Growatt Cloud Applicat...