545 matches found
EUVD-2026-13865
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810 Halloy has insecure file permissions on credential files
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32297
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...
DataEase 路径遍历漏洞
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a path traversal...
GO-2026-4651 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys in github.com/gravitl/netmaker
Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys in github.com/gravitl/netmaker...
GHSA-4HGG-C4RR-6H7F Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys
A user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E V02.03.01.26cn version contains a security vulnerability. This vulnerability stems from improper access control, which may allow unverified attackers to download configuration files containing plaintext...
CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787 Detection Rules Detection content for CVE-20...
SUSE-SU-2026:20590-1 Security update for autogen
This update for autogen fixes the following issues: - CVE-2025-8746: Fixed improper input validation and memory bounds checking when processing certain malformed configuration files bsc1247921...
CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...
CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...
EUVD-2025-208086
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...
CVE-2026-25992
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...
PT-2026-7476
Name of the Vulnerable Software and Affected Versions JUNG Smart Panel KNX firmware versions prior to L1.12.22 Description The JUNG Smart Panel KNX firmware does not properly validate file path input in its embedded web interface. This allows remote, unauthenticated attackers to access arbitrary...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
CVE-2026-25815 affects Fortinet FortiOS up to and including 7.6.6. The issue stems from an encryption weakness where the default LDAP encryption key is the same across all installations, enabling attackers to decrypt LDAP credentials stored in device configuration files. Exploitation was observed...
📄 glFusion 1.3.0 Blind SQL Injection
A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This is older research...