140 matches found

Snyk
added 3 days ago | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Import function in the TTS Configuration Endpoint. An attacker can access internal resources or services by sending crafted requests through the vulnerable endpoint. Remediation: There is no fixed...

CVSS 5.8 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2
EUVD
added 3 days ago | 8 views

EUVD-2026-33879

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

CVSS 5.8 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 7
CVE
added 3 days ago | 11 views

CVE-2026-10583

A vulnerability in nextlevelbuilder GoClaw up to 3.11.3 affects the Import function in internal/http/tts_config.go (TTS Configuration Endpoint). The issue enables server-side request forgery (SSRF) and can be triggered remotely. Exploit details have been publicly disclosed, and the project charac...

CVSS 5.8 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 7
Positive Technologies
added 3 days ago | 8 views

PT-2026-45691

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate...

CVSS 5.8 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 8
RedhatCVE
added 2026/05/26 12:6 a.m. | 8 views

CVE-2026-42151

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

CVSS 7.5 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 8
NVD
added 2026/04/30 5:16 p.m. | 0 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVSS 9.8 | EPSS 0.01341
Exploits: 1 | References: 5
NVD
added 2026/04/23 8:16 p.m. | 1 views

CVE-2026-41273

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public...

CVSS 8.2 | EPSS 0.0021
Exploits: 1 | References: 1
CERT
added 2026/04/23 12:0 a.m. | 6 views

Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component

Overview: A security flaw exists in the configuration management endpoint of the DRC INSIGHT software, allowing an unauthenticated user with access to the same network as the server to modify the server’s configuration file. This could enable data exfiltration, traffic redirection, or service...

CVSS 7.5 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 1
EUVD
added 2026/04/13 6:30 p.m. | 2 views

EUVD-2026-21992

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2
NVD
added 2026/04/13 4:16 p.m. | 1 views

CVE-2026-30811

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.4 | EPSS 0.00038
Exploits: 0 | References: 1
Cvelist
added 2026/04/13 3:47 p.m. | 18 views

CVE-2026-30811 Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.4 | EPSS 0.00038
Exploits: 0 | References: 1
CVE
added 2026/04/13 3:47 p.m. | 4 views

CVE-2026-30811

CVE-2026-30811 affects Pandora FMS (versions 777–800) and is a Missing Authorization vulnerability exposed via a configuration Ajax endpoint, causing exposure of sensitive information. The NVD/NVD-derived data lists a CVSS4 base score of 8.4 (HIGH) with NETWORK attack vector, LOW complexity, and ...

CVSS 8.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/04/13 3:47 p.m. | 0 views

CVE-2026-30811

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/13 3:47 p.m. | 1 views

CVE-2026-30811 Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/13 12:0 a.m. | 1 views

PT-2026-32385

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2
Snyk
added 2026/04/08 12:12 a.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the validate function in the /api/configuration/name configuration API endpoint. An attacker can gain unauthorized read access to sensitive configuration files outside the intended directory by submitting special...

CVSS 6.9 | AI score 6.4 | EPSS 0.00074
Exploits: 1 | References: 2
Snyk
added 2026/04/08 12:12 a.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the validate function in the /api/configuration/name configuration API endpoint. An attacker can gain unauthorized read access to sensitive configuration files outside the intended directory by submitting special...

CVSS 6.9 | AI score 6.4 | EPSS 0.00074
Exploits: 1 | References: 2
EUVD
added 2026/04/08 12:12 a.m. | 3 views

EUVD-2026-19732

Emissary has a Path Traversal via Blacklist Bypass in Configuration API...

CVSS 5.3 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 3
NVD
added 2026/04/07 5:16 p.m. | 1 views

CVE-2026-35583

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...

CVSS 5.3 | EPSS 0.00074
Exploits: 1 | References: 1
Cvelist
added 2026/04/07 3:57 p.m. | 14 views

CVE-2026-35583 Emissary has a Path Traversal via Blacklist Bypass in Configuration API

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...

CVSS 5.3 | EPSS 0.00074
Exploits: 1 | References: 1