CVE-2026-1836 Stored credentials in Redmine

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

CVE-2026-27662

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

EUVD-2026-29429

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

CVE-2026-27662

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

CVE-2026-27662

Technical details are not publicly available in the provided documents. Monitor for updates on affected products, vulnerable components, and remediation.

Siemens SIMATIC HMI Comfort Panels 安全漏洞

Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. There are security vulnerabilities in Siemens SIMATIC HMI Comfort Panels. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. This allows...

PT-2026-39987

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

Siemens SIMATIC

SUMMARY SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by the...

GHSA-Q5FH-2HC8-F6RQ Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Summary Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding or same-network access can issue DELETE requests...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2021-31900

In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host...

EUVD-2025-33697

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...

EUVD-2018-14265

Malware in sbrugna...

EUVD-2009-5123

Malware in sbrugna...

EUVD-2007-6719

Malware in sbrugna...

EUVD-2017-17805

Malware in sbrugna...

EUVD-2024-32046

Malicious code in bioql PyPI...

EUVD-2024-34982

Malicious code in bioql PyPI...

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

Citrix Workspace App for MAC - Intermittent sign in failure, browser access works

Administrators may notice that the Mac end points intermittently fail sign into workspace app. Visiting the store via browser would work consistently...