Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-32294

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Jul, 2022 | 00:00
Updated At-03 Aug, 2024 | 07:39
Rejected At-
Credits

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Jul, 2022 | 00:00
Updated At:03 Aug, 2024 | 07:39
Rejected At:
▼CVE Numbering Authority (CNA)

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
N/A
https://wiki.zimbra.com/wiki/Security_Center
N/A
https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
N/A
https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
N/A
https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
N/A
Hyperlink: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Resource: N/A
Hyperlink: https://wiki.zimbra.com/wiki/Security_Center
Resource: N/A
Hyperlink: https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
Resource: N/A
Hyperlink: https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
Resource: N/A
Hyperlink: https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
x_transferred
https://wiki.zimbra.com/wiki/Security_Center
x_transferred
https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
x_transferred
https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
x_transferred
https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
x_transferred
Hyperlink: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Resource:
x_transferred
Hyperlink: https://wiki.zimbra.com/wiki/Security_Center
Resource:
x_transferred
Hyperlink: https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
Resource:
x_transferred
Hyperlink: https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
Resource:
x_transferred
Hyperlink: https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Jul, 2022 | 03:15
Updated At:04 Jun, 2024 | 19:17

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Zimbra
zimbra
>>collaboration>>8.8.15
cpe:2.3:a:zimbra:collaboration:8.8.15:*:*:*:open_source:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20commandcve@mitre.org
Third Party Advisory
https://github.com/soheilsamanabadi/vulnerabilitys/pull/1cve@mitre.org
Third Party Advisory
https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638ecve@mitre.org
N/A
https://wiki.zimbra.com/wiki/Security_Centercve@mitre.org
Not Applicable
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisoriescve@mitre.org
Not Applicable
Vendor Advisory
Hyperlink: https://github.com/soheilsamanabadi/vulnerabilitys/blob/main/Zimbra%208.8.15%20zmprove%20ca%20command
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/soheilsamanabadi/vulnerabilitys/pull/1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://medium.com/%40soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://wiki.zimbra.com/wiki/Security_Center
Source: cve@mitre.org
Resource:
Not Applicable
Vendor Advisory
Hyperlink: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Source: cve@mitre.org
Resource:
Not Applicable
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

217Records found

CVE-2023-29381
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 59.29%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 00:00
Updated-19 Nov, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.

Action-Not Available
Vendor-n/aZimbra
Product-collaborationn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-29382
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 59.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 00:00
Updated-19 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

Action-Not Available
Vendor-n/aZimbra
Product-collaborationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-35209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.97% / 85.58%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 18:54
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).

Action-Not Available
Vendor-n/aZimbra
Product-collaborationn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-24233
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.97% / 57.75%
||
7 Day CHG+0.04%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to read or write to protected files.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-45172
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 60.85%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.

Action-Not Available
Vendor-liveboxcloudn/a
Product-vdeskn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-43515
Matching Score-4
Assigner-Zabbix
ShareView Details
Matching Score-4
Assigner-Zabbix
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 64.62%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 01:49
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

Action-Not Available
Vendor-ZABBIX
Product-frontendFrontend
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-28872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.32% / 87.10%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 13:35
Updated-04 Aug, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.

Action-Not Available
Vendor-monitorrn/a
Product-monitorrn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-44039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 58.46%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). ¶¶ An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of "fopen" system function with the mode "wb" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password.

Action-Not Available
Vendor-franklinfuelingn/a
Product-colibri_firmwaren/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-67856
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 18.94%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 10:52
Updated-26 Feb, 2026 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: moodle: privilege escalation via incomplete role checks in badge awarding

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodle
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-7663
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 17.19%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 19:16
Updated-02 Jul, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-20674
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 45.72%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 02:29
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

Action-Not Available
Vendor-MediaTek Inc.OpenWrt
Product-mt7993mt7981mt7990mt7986mt7992mt7916openwrtmt6890mt6990software_development_kitmt7915MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993
CWE ID-CWE-863
Incorrect Authorization
CVE-2013-2198
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 74.77%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:35
Updated-06 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

Action-Not Available
Vendor-login_security_projectLogin Security
Product-login_securityLogin Security
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-41923
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.69% / 74.32%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grails Spring Security Core plugin vulnerable to privilege escalation

Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin.

Action-Not Available
Vendor-grailsgrails
Product-spring_security_coregrails-spring-security-core
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-9350
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.61%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 02:45
Updated-26 May, 2026 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NousResearch
Product-hermes-agent
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-13063
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.04%
||
7 Day CHG+0.01%
Published-12 Nov, 2025 | 21:02
Updated-14 Nov, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DinukaNavaratna Dee Store authorization

A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected.

Action-Not Available
Vendor-DinukaNavaratna
Product-Dee Store
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-13806
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.41% / 32.78%
||
7 Day CHG+0.01%
Published-01 Dec, 2025 | 04:02
Updated-24 Feb, 2026 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nutzam NutzBoot Transaction API EthModule.java improper authorization

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-nutzamnutzam
Product-nutzbootNutzBoot
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-13184
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-10.99% / 95.36%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 12:34
Updated-19 Dec, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

Action-Not Available
Vendor-Toto LinkTOTOLINK
Product-x5000r_firmwarex5000rX5000R's (AX1800 router)
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-39956
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-7.3||HIGH
EPSS-0.95% / 56.97%
||
7 Day CHG+0.03%
Published-20 Sep, 2022 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).

Action-Not Available
Vendor-owaspOWASPFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxowasp_modsecurity_core_rule_setModSecurity Core Rule Set
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-12925
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 30.93%
||
7 Day CHG+0.01%
Published-10 Nov, 2025 | 01:32
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rymcu forest UserDicController.java deleteDic authorization

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Action-Not Available
Vendor-rymcurymcu
Product-forestforest
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-39352
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.42% / 33.79%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenFGA Authorization Bypass

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation.

Action-Not Available
Vendor-openfgaopenfga
Product-openfgaopenfga
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-39955
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-7.3||HIGH
EPSS-1.11% / 62.06%
||
7 Day CHG+0.03%
Published-20 Sep, 2022 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.

Action-Not Available
Vendor-owaspOWASPFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxowasp_modsecurity_core_rule_setModSecurity Core Rule Set
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-10611
Matching Score-4
Assigner-WSO2 LLC
ShareView Details
Matching Score-4
Assigner-WSO2 LLC
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 51.55%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 12:09
Updated-21 Nov, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Broken Access Control in Multiple WSO2 Products via System REST APIs

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.

Action-Not Available
Vendor-WSO2 LLC
Product-identity_serveruniversal_gatewayopen_banking_iamopen_banking_kmapi_manageridentity_server_as_key_managerapi_control_planetraffic_manageropen_banking_amWSO2 Open Banking AMWSO2 Traffic ManagerWSO2 Open Banking IAMWSO2 Identity ServerWSO2 API Control PlaneWSO2 Identity Server as Key Managerorg.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.valveWSO2 Universal Gatewayorg.wso2.carbon.identity.auth.rest:org.wso2.carbon.identity.auth.serviceWSO2 API ManagerWSO2 Open Banking KM
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25660
Matching Score-4
Assigner-Ericsson
ShareView Details
Matching Score-4
Assigner-Ericsson
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 35.83%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 13:10
Updated-27 Apr, 2026 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass for certain API calls

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.

Action-Not Available
Vendor-Ericsson
Product-codecheckerCodeChecker
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-9082
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.15%
||
7 Day CHG+0.02%
Published-22 Sep, 2024 | 08:00
Updated-30 Sep, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop User Creation Users.php improper authorization

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-6782
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
ShareView Details
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
CVSS Score-9.8||CRITICAL
EPSS-83.39% / 99.64%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 03:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Calibre Remote Code Execution

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

Action-Not Available
Vendor-Calibrecalibre
Product-Calibrecalibre
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-6695
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 51.97%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 06:00
Updated-02 Jan, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.

Action-Not Available
Vendor-cozmoslabsUnknowncozmoslabs
Product-profile_builderUser Profile Builderprofile_builder
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2022-35890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 73.39%
||
7 Day CHG~0.00%
Published-15 Jul, 2022 | 20:07
Updated-03 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.

Action-Not Available
Vendor-inductiveautomationn/a
Product-ignitionn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-6914
Matching Score-4
Assigner-WSO2 LLC
ShareView Details
Matching Score-4
Assigner-WSO2 LLC
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 42.78%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 18:26
Updated-06 Oct, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges. This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks.

Action-Not Available
Vendor-WSO2 LLC
Product-open_banking_amidentity_serveropen_banking_iamopen_banking_kmidentity_server_as_key_managerapi_managerWSO2 IoTWSO2 Identity ServerWSO2 API ManagerWSO2 Open Banking IAMWSO2 Open Banking AMWSO2 Governance RegistryWSO2 Carbon Identity ManagementWSO2 Open banking KMWSO2 Identity Server as Key Manager
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-6202
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.24%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 06:01
Updated-29 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HaloITSM - SAML XML Signature Wrapping (XSW)

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

Action-Not Available
Vendor-haloservicesolutionsHalo Service Solutionshaloservicesolutions
Product-haloitsmHaloITSMhaloitsm
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25293
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.18% / 7.91%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 16:43
Updated-06 May, 2026 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect authorization in PLC FW

Buffer overflow due to incorrect authorization in PLC FW

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca7005qca7005_firmwareSnapdragon
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-56431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.82% / 76.07%
||
7 Day CHG+0.03%
Published-25 Dec, 2024 | 00:00
Updated-07 May, 2025 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

Action-Not Available
Vendor-xiphn/a
Product-theoran/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25875
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.29% / 20.57%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 21:07
Updated-11 Feb, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PlaciPy Admin Privilege Escalation via Trusted JWT Claims

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.

Action-Not Available
Vendor-prasklatechnologyPraskla-Technology
Product-placipyassessment-placipy
CWE ID-CWE-863
Incorrect Authorization
CVE-2011-1123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.18%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-32310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 71.86%
||
7 Day CHG+0.15%
Published-05 Jul, 2022 | 19:27
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.

Action-Not Available
Vendor-ingredient_stock_management_system_projectn/a
Product-ingredient_stock_management_systemn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-57032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.51%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 00:00
Updated-19 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.

Action-Not Available
Vendor-wegian/a
Product-wegian/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-33174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.43% / 95.96%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 17:04
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.

Action-Not Available
Vendor-powertekpdusn/a
Product-smart_poms_firmwaresmart_posbasic_pdupiml_pdusmart_pimpiml_pdu_firmwaresmart_pom_firmwaresmart_pomspm_pdupm_pdu_firmwaresmart_pos_firmwaresmart_pim_firmwaresmart_pombasic_pdu_firmwaren/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-32532
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-25.43% / 97.69%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 23:20
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass Vulnerability

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shiroApache Shiro
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-30310
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-2.48% / 82.60%
||
7 Day CHG+0.02%
Published-13 Jun, 2022 | 13:45
Updated-20 Nov, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Action-Not Available
Vendor-festoFesto
Product-controller_cecc-x-m1-mv-s1controller_cecc-x-m1controller_cecc-x-m1-ys-l2_firmwareservo_press_kit_yjkp_firmwareservo_press_kit_yjkp-controller_cecc-x-m1-ys-l1_firmwareservo_press_kit_yjkpcontroller_cecc-x-m1-mv_firmwarecontroller_cecc-x-m1-y-yjkpcontroller_cecc-x-m1-ys-l2controller_cecc-x-m1-mvcontroller_cecc-x-m1_firmwareservo_press_kit_yjkp-_firmwarecontroller_cecc-x-m1-y-yjkp_firmwarecontroller_cecc-x-m1-ys-l1controller_cecc-x-m1-mv-s1_firmwareController CECC-X-M1-MV (4407605)Controller CECC-X-M1-Y-YJKP (4803891)Controller CECC-X-M1 (8124922)Controller CECC-X-M1-MV-S1 (4407606)Controller CECC-X-M1-YS-L1 (8082793)Controller CECC-X-M1-MV (8124923)Controller CECC-X-M1-MV-S1 (8124924)Controller CECC-X-M1-YS-L2 (8082794)Servo Press Kit YJKP (8077950)Servo Press Kit YJKP- (8058596)Controller CECC-X-M1 (4407603)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30309
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-3.02% / 85.82%
||
7 Day CHG+0.02%
Published-13 Jun, 2022 | 13:45
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Action-Not Available
Vendor-festoFesto
Product-controller_cecc-x-m1-mv-s1controller_cecc-x-m1controller_cecc-x-m1-ys-l2_firmwareservo_press_kit_yjkp_firmwareservo_press_kit_yjkp-controller_cecc-x-m1-ys-l1_firmwareservo_press_kit_yjkpcontroller_cecc-x-m1-mv_firmwarecontroller_cecc-x-m1-y-yjkpcontroller_cecc-x-m1-ys-l2controller_cecc-x-m1-mvcontroller_cecc-x-m1_firmwareservo_press_kit_yjkp-_firmwarecontroller_cecc-x-m1-y-yjkp_firmwarecontroller_cecc-x-m1-ys-l1controller_cecc-x-m1-mv-s1_firmwareController CECC-X-M1-MV (4407605)Controller CECC-X-M1-Y-YJKP (4803891)Controller CECC-X-M1 (8124922)Controller CECC-X-M1-MV-S1 (4407606)Controller CECC-X-M1-YS-L1 (8082793)Controller CECC-X-M1-MV (8124923)Controller CECC-X-M1-MV-S1 (8124924)Controller CECC-X-M1-YS-L2 (8082794)Servo Press Kit YJKP (8077950)Servo Press Kit YJKP- (8058596)Controller CECC-X-M1 (4407603)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.11% / 79.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2019 | 15:41
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.

Action-Not Available
Vendor-doas_projectn/a
Product-doasn/a
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-30311
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-2.78% / 84.62%
||
7 Day CHG+0.02%
Published-13 Jun, 2022 | 13:45
Updated-17 Sep, 2024 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Action-Not Available
Vendor-festoFesto
Product-controller_cecc-x-m1-mv-s1controller_cecc-x-m1controller_cecc-x-m1-ys-l2_firmwareservo_press_kit_yjkp_firmwareservo_press_kit_yjkp-controller_cecc-x-m1-ys-l1_firmwareservo_press_kit_yjkpcontroller_cecc-x-m1-mv_firmwarecontroller_cecc-x-m1-y-yjkpcontroller_cecc-x-m1-ys-l2controller_cecc-x-m1-mvcontroller_cecc-x-m1_firmwareservo_press_kit_yjkp-_firmwarecontroller_cecc-x-m1-y-yjkp_firmwarecontroller_cecc-x-m1-ys-l1controller_cecc-x-m1-mv-s1_firmwareController CECC-X-M1-MV (4407605)Controller CECC-X-M1-Y-YJKP (4803891)Controller CECC-X-M1 (8124922)Controller CECC-X-M1-MV-S1 (4407606)Controller CECC-X-M1-YS-L1 (8082793)Controller CECC-X-M1-MV (8124923)Controller CECC-X-M1-MV-S1 (8124924)Controller CECC-X-M1-YS-L2 (8082794)Servo Press Kit YJKP (8077950)Servo Press Kit YJKP- (8058596)Controller CECC-X-M1 (4407603)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30308
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-2.69% / 84.06%
||
7 Day CHG+0.02%
Published-13 Jun, 2022 | 13:45
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Action-Not Available
Vendor-festoFesto
Product-controller_cecc-x-m1-mv-s1controller_cecc-x-m1controller_cecc-x-m1-ys-l2_firmwareservo_press_kit_yjkp_firmwareservo_press_kit_yjkp-controller_cecc-x-m1-ys-l1_firmwareservo_press_kit_yjkpcontroller_cecc-x-m1-mv_firmwarecontroller_cecc-x-m1-y-yjkpcontroller_cecc-x-m1-ys-l2controller_cecc-x-m1-mvcontroller_cecc-x-m1_firmwareservo_press_kit_yjkp-_firmwarecontroller_cecc-x-m1-y-yjkp_firmwarecontroller_cecc-x-m1-ys-l1controller_cecc-x-m1-mv-s1_firmwareController CECC-X-M1-MV (4407605)Controller CECC-X-M1-Y-YJKP (4803891)Controller CECC-X-M1 (8124922)Controller CECC-X-M1-MV-S1 (4407606)Controller CECC-X-M1-YS-L1 (8082793)Controller CECC-X-M1-MV (8124923)Controller CECC-X-M1-MV-S1 (8124924)Controller CECC-X-M1-YS-L2 (8082794)Servo Press Kit YJKP (8077950)Servo Press Kit YJKP- (8058596)Controller CECC-X-M1 (4407603)
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-54803
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 09:51
Updated-17 Jun, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Action-Not Available
Vendor-Cozy Vision Technologies Pvt. Ltd.
Product-SMS Alert Order Notifications
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-27668
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 79.02%
||
7 Day CHG+0.05%
Published-14 Jun, 2022 | 16:57
Updated-03 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.

Action-Not Available
Vendor-SAP SE
Product-routernetweaver_as_abapnetweaver_as_abap_krnl64ucnetweaver_as_abap_krnl64nucSAP NetWeaver and ABAP Platform
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-26479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 74.80%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 22:01
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.

Action-Not Available
Vendor-polyn/a
Product-eagleeye_director_ii_firmwareeagleeye_director_iin/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-26676
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 67.11%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:22
Updated-16 Sep, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aEnrich a+HRD - Broken Access Control

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.

Action-Not Available
Vendor-Yukai Digital Technology (aEnrich)
Product-a\+hrda+HRD
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-48176
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 36.21%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 00:00
Updated-01 May, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend.

Action-Not Available
Vendor-lylmen/alylme
Product-lylme_spagen/alylme_spage
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-48237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 35.75%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 00:00
Updated-17 Apr, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

Action-Not Available
Vendor-wtcms_projectn/awtcms_project
Product-wtcmsn/awtcms
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-15941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.20% / 80.33%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 19:39
Updated-28 May, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs.

Action-Not Available
Vendor-lemonldap-ngn/aDebian GNU/Linux
Product-debian_linuxlemonldap\n/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-24783
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.10% / 61.70%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 21:15
Updated-23 Apr, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox bypass leading to arbitrary code execution in Deno

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.

Action-Not Available
Vendor-denodenoland
Product-denodeno
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found