Tag

Unauthorized-Access

4 briefs RSS

Anviz CX2 Lite Authenticated Command Injection Vulnerability (CVE-2026-35682)

Anviz CX2 Lite is vulnerable to an authenticated command injection via the filename parameter, leading to arbitrary command execution and root-level access.

command-injection unauthorized-access iot

2r 1t 1c 2w ago

critical advisory

LearnPress WordPress Plugin Unauthorized Data Deletion Vulnerability (CVE-2026-4365)

2 rules 1 TTP 1 CVE

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function, allowing unauthenticated attackers to delete quiz answer options.

wordpress plugin learnpress data-deletion unauthorized-access

2r 1t 1c 2w ago

high advisory

Red Hat OpenShift AI Llama Stack Unauthorized Access Vulnerability (CVE-2025-12805)

2 rules 1 TTP 2 IOCs

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator that allows unauthorized access to Llama Stack services in other namespaces via direct network requests due to missing NetworkPolicy restrictions, potentially enabling attackers to view or manipulate sensitive data.

openshift kubernetes networkpolicy unauthorized-access

2r 1t 2i Mar 27, 2026

medium advisory

Azure AD Authentication from Unexpected Geo-locations

2 rules 1 TTP

Detection of successful authentications originating from geographic locations outside of an organization's expected operational footprint, potentially indicating compromised credentials or unauthorized access.

Azure Active Directory azuread authentication geo-location unauthorized-access credential-compromise privilege-escalation

2r 1t Jan 29, 2024