41 matches found
CVE-2026-8606
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...
CVE-2026-7163
CVE-2026-7163 affects the Assisted-service REST API in the Multicluster Engine (MCE) used with Red Hat ACM/MCE on-prem deployments. An authenticated user with minimal namespace privileges can obtain administrative credentials (the kubeadmin password) and kubeconfig for any cluster provisioned thr...
CVE-2025-7741
A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...
EUVD-2025-209116
A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...
CVE-2025-7741
The CVE-2025-7741 entry concerns a hardcoded password issue in CENTUM VP systems. A hardcoded PROG user password (CENTUM Authentication Mode) exists in CENTUM VP releases R5.01.00–R5.04.20, R6.01.00–R6.12.00, and R7.01.00. Exploitation requires local access: an attacker must obtain the hardcoded ...
CVE-2026-31882 Dagu SSE Authentication Bypass in Basic Auth Mode
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGUAUTHMODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...
CVE-2026-32302
CVE-2026-32302 affects OpenClaw. In versions before 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode = trusted-proxy and the request carried proxy headers, allowing an untrusted-origin page to connect through a trusted reverse proxy and obt...
GHSA-GX77-XGC2-4888 Ray's New Token Authentication is Disabled By Default
Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...
EUVD-2025-37036
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode...
EUVD-2020-4939
Malware in sbrugna...
CVE-2025-8826
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer...
CVE-2025-8826
CVE-2025-8826 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 up to version 20250801. The vulnerability exists in the function um_rp_autochannel inside /goform/RP_setBasicAuto, where manipulation of the arguments apcli_AuthMode_2G and apcli_AuthMode_5G triggers a stack-based buffer over...
Linksys Multiple Products Security Vulnerability
Linksys RE6250 and others are wireless range extenders from Linksys (USA). A security vulnerability exists in various Linksys products that stems from improper handling of the apcli_AuthMode_2G and apcli_AuthMode_5G parameters by the um_rp_autochannel function, which may result in a stack-based buffer overflow...
CVE-2020-12638
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encrypti...
Apache HugeGraph-Server Security Bypass Vulnerability
Apache HugeGraph-Server is a fast, scalable graph database from the Apache Software Foundation (United States). A security bypass vulnerability exists in Apache HugeGraph-Server, which can be exploited by an attacker to bypass whitelisting by sending specially crafted requests in authentication mode...
Apache HugeGraph Security Vulnerability
Apache HugeGraph-Server is a fast, scalable graph database from the Apache Software Foundation (United States). A security bypass vulnerability exists in Apache HugeGraph-Server, which can be exploited by an attacker to bypass whitelisting by sending specially crafted requests in authentication mode...
keycloak: Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on log integrity...