4598 matches found

Snyk
added 2025/12/27 5:39 p.m. | 2 views

Use of Hard-coded Cryptographic Key

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the config.yml file. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded cryptographic key. Remediation: A fix was pushed into the master...

CVSS 6.9 | AI score 6.5 | EPSS 0.00025
Exploits: 0 | References: 2

Cvelist
added 2025/12/24 7:27 p.m. | 22 views

CVE-2018-25137 FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

CVSS 8.7 | EPSS 0.00079
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/24 12:0 a.m. | 3 views

PT-2025-53352

Name of the Vulnerable Software and Affected Versions: Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063. Description: The software contains a stored cross-site scripting issue in the configuration file upload functionality. An attacker can upload a malicious HTML file that will execute...

CVSS 7.2 | AI score 6.1 | EPSS 0.00025
Exploits: 1 | References: 5

NVD
added 2025/12/23 10:15 p.m. | 2 views

CVE-2025-14405

PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the targ...

CVSS 6.8 | EPSS 0.00017
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/23 12:0 a.m. | 1 view

PT-2025-52733

Name of the Vulnerable Software and Affected Versions: PhastPress versions prior to 3.8. Description: The PhastPress plugin for WordPress is susceptible to Unauthenticated Arbitrary File Read due to a null byte injection issue. A discrepancy exists between how the extension validation in the...

CVSS 9.8 | AI score 6.8 | EPSS 0.00181
Exploits: 0 | References: 14

Cvelist
added 2025/12/22 9:35 p.m. | 23 views

CVE-2023-53974 D-Link DSL-124 ME_1.00 Backup Configuration File Disclosure via Unauthenticated Request

D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing...

CVSS 8.8 | EPSS 0.00098
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/22 12:0 a.m. | 5 views

PT-2025-52618

Name of the Vulnerable Software and Affected Versions: CouchCMS versions up to 2.4. Description: A security issue exists in CouchCMS related to the reCAPTCHA Handler component. The issue resides in an unknown function within the couch/config.example.php file. Manipulation of the arguments K RECAPTCH...

CVSS 6.3 | AI score 6 | EPSS 0.00047
Exploits: 1 | References: 12

RedhatCVE
added 2025/12/20 1:10 a.m. | 4 views

CVE-2025-11774

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...

CVSS 8.2 | AI score 7 | EPSS 0.00019
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 6:19 p.m. | 5 views

CVE-2025-14738

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

CVSS 7.1 | AI score 7.2 | EPSS 0.00212
Exploits: 0 | References: 1

CVE
added 2025/12/19 12:22 a.m. | 15 views

CVE-2025-11774

CVE-2025-11774 affects Mitsubishi Electric GENESIS64 family, ICONICS Suite/MobileHMI/MC Works64 (versions up to 10.97.2 CFR3 and prior). The issue is an OS Command Injection via the software keypad function, caused by improper neutralization of special elements. A local attacker can cause executi...

CVSS 8.2 | AI score 6.6 | EPSS 0.00019
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/19 12:0 a.m. | 3 views

PT-2025-52394

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior; Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior; Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior; Mitsubishi Electric Iconics...

CVSS 8.2 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | References: 9

NVD
added 2025/12/18 6:15 p.m. | 5 views

CVE-2025-14738

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

CVSS 7.5 | EPSS 0.00212
Exploits: 0 | References: 4

OSV
added 2025/12/18 6:15 p.m. | 1 view

CVE-2025-14738

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

CVSS 7.5 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/18 6:1 p.m. | 1 view

CVE-2025-14738 Configuration Disclosure Vulnerability in TP-Link WA850RE

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

CVSS 7.1 | AI score 6.7 | EPSS 0.00212
Exploits: 0 | References: 4

NVD
added 2025/12/18 3:15 p.m. | 2 views

CVE-2025-65009

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

CVSS 7.1 | EPSS 0.00022
Exploits: 0 | References: 3

CNNVD
added 2025/12/18 12:0 a.m. | 2 views

WODESYS WD-R608U Security Vulnerability

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. A security vulnerability exists in the WODESYS WD-R608U that originates from a configuration file storing the administrator password in clear text, which could allow an unauthorized user to obtain the password...

CVSS 8.7 | AI score 6.4 | EPSS 0.00097
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/18 12:0 a.m. | 4 views

PT-2025-52277

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2 160527, ≤ WA850RE V3 160922...

CVSS 7.1 | AI score 7.1 | EPSS 0.00212
Exploits: 0 | References: 5

Tenable Nessus
added 2025/12/18 12:0 a.m. | 7 views

Mozilla Firefox < 3.0.15

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute...

CVSS 9.3 | AI score 8.1 | EPSS 0.02124
Exploits: 0 | References: 3

OSV
added 2025/12/17 10:45 p.m. | 2 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

CVSS 7.7 | AI score 7.8 | EPSS 0.00031
Exploits: 1 | References: 4

EUVD
added 2025/12/17 9:29 p.m. | 1 view

EUVD-2025-203990

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

CVSS 9.1 | AI score 7.7 | EPSS 0.21073
Exploits: 3 | References: 1