📄 PEGA Infinity Brute Force / Insecure Direct Object Reference

PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...

Cross-site Request Forgery (CSRF)

Jenkins is vulnerable to Cross-site Request Forgery CSRF. The vulnerability is due to missing or insufficient CSRF protection on login-related functionality, which allows an attacker to trick a victim into unknowingly authenticating into the attacker’s account...

EUVD-2019-19048

Malware in sbrugna...

Akinsoft MyRezzta Authentication Bypass Vulnerability

Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta that stems from improperly limiting authentication attempts, and no detailed vulnerability details are available at this time...

ROS-20250905-07

A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application. Enterprise and Vault Community Edition is related to the fact that the...

Dahua Security Cameras Incorrect Default Permissions (CVE-2019-9682)

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...

CVE-2019-18235

Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack...

SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

CVE-2019-9682

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...

Cisco Prime Collaboration Provisioning Tool Denial of Service Vulnerability

Cisco Prime Collaboration Provisioning Tool is a set of Web-based next-generation communication service tools from Cisco. The tool provides IP communication service features for IP telephony, voicemail and unified communications environments. web portal is one of the web portal. A denial of servi...

Design/Logic Flaw

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service DoS condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by...

CVE-2018-0204

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service DoS condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by...

CVE-2018-0204

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service DoS condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by...

Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service DoS condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by...

SeaWell Networks Spectrum SDC Trust Management Vulnerability

SeaWell Networks Spectrum SDC is a video solution. The solution utilizes ABR repackaging technology to simplify IP video delivery using a common format. A security vulnerability exists in SeaWell Networks Spectrum SDC version 02.05.00. The vulnerability stems from the program's use of default wea...