CVE-2026-1280

CVE-2026-1280 affects the WordPress Frontend File Manager Plugin, versions up to 23.5. The vulnerability stems from a missing capability check on the AJAX action wpfm_send_file_in_email, allowing unauthenticated attackers to share arbitrary uploaded files by supplying a file_id. File IDs are sequ...

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVE-2025-59097

The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...

Hacking Wheelchairs over Bluetooth

Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory. CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth connections, allowing an attacker who is in Bluetooth range of the targeted device to pair with it. The attacke...

CVE-2025-68931 Jervis has AES CBC Mode Without Authentication

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

GHSA-GXP5-MV27-VJCJ Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

CVE-2025-65552

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames an...

CVE-2025-65552

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames an...

CVE-2025-65552

Vulnerability summary (CVE-2025-65552): D3D Wi‑Fi Home Security System ZX‑G12, version 2.1.1, is vulnerable due to lack of rolling codes, message authentication, and anti‑replay protection on the 433 MHz sensor channel. An attacker within RF range can record valid alarm/control frames and replay ...

PT-2026-2307

Name of the Vulnerable Software and Affected Versions WebErpMesv2 versions prior to 1.19 Description The WebErpMesv2 application lacks authentication middleware for multiple sensitive API endpoints. This allows an unauthenticated remote attacker to read business-critical data, including companies...

CVE-2025-13493

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

CVE-2025-14346

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user...

WHILL Model C2和WHILL Model F 访问控制错误漏洞

The WHILL Model C2 and WHILL Model F are both power wheelchairs from WHILL USA. An access control error vulnerability exists in the WHILL Model C2 and WHILL Model F. The vulnerability stems from a lack of authentication over a Bluetooth connection, which could lead to unauthorized control of the...

PT-2025-53392

Name of the Vulnerable Software and Affected Versions Pexip Infinity versions prior to 39.0 Description A critical function within a product-internal API lacks proper authentication. An attacker who has already gained the ability to execute code on one node within a Pexip Infinity installation ca...

CVE-2024-49587 Glutton V1 endpoints missing authentication

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...

PT-2025-51840

Name of the Vulnerable Software and Affected Versions Netun Solutions HelpFlash IoT version v18 178 221102 ASCII PRO 1R5 50 Description The over-the-air OTA firmware update process in the software does not properly authenticate update servers or validate firmware signatures, and relies on...

CVE-2025-59516

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

pipeshub-ai 代码问题漏洞

pipeshub-ai is an enterprise automation platform open-sourced by PipesHub AI - The Open Source Alternative to Glean. A code issue vulnerability exists in versions prior to pipeshub-ai 0.1.0-beta, which stems from a lack of authentication and could allow an attacker to remotely overwrite files or...

CVE-2025-42875

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVE-2025-42875

CVE-2025-42875 relates to the SAP NetWeaver/Internet Communication Framework where authentication checks are missing for features needing user identification, enabling reuse of authorization tokens. The issue, described across multiple feeds, indicates a vulnerability in SAP’s web/EC framework th...