V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a cr
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated user
An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged crede
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users whe
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM
attacker to impersonate managed devices.
Due to insuff
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.
Thi
A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0, GS1200-5HPv3 firmware versions through 1.00(AC
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the m
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to
A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default c
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers
The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens,
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-defau
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to e
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authen
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue
Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote