Authorization Bypass
gitlab is vulnerable to Authorization Bypass. The vulnerability allows a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsusp ...
Continue Reading
August 23, 2023
CVE-2023-30683
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.Read More ...
Continue Reading
August 15, 2023
CVE-2023-30682
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.Read More ...
Continue Reading
August 15, 2023
CVE-2023-30684
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.Read More ...
Continue Reading
August 15, 2023
CVE-2023-37858
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an en ...
Continue Reading
August 09, 2023
CVE-2023-37857
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to ...
Continue Reading
August 09, 2023
CVE-2023-3669
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.Read More ...
Continue Reading
August 03, 2023
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and in ...
Continue Reading
July 26, 2023
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and in ...
Continue Reading
July 26, 2023
CVE-2023-25840
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 â 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute ...
Continue Reading
July 21, 2023
