The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their...
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials...
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory...
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability...
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim...
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the...
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to...
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to...
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. Date published...
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the...
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the...
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary...
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE)...
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean...
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.