CVE-2025-14286
The CVE-2025-14286 entry concerns Tenda AC9 devices with version 15.03.05.14_multi. The vulnerability targets the file /cgi-bin/DownloadCfg.jpg in the Configuration File Handler, where an unknown functionality can be manipulated to disclose information. The issue can be exploited remotely, and pu...
CVE-2025-14286 Tenda AC9 Configuration File DownloadCfg.jpg information disclosure
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...
CVE-2025-63739
Xinhu Rainrock RockOA 2.7.0 is affected by CVE-2025-63739 due to a flaw in phpinisaveAction() in webmain/system/cogini/coginiAction.php. An authenticated user can use the a parameter on index.php to modify PHP configuration files. The vulnerability affects the cited version; Red Hat and other sou...
Tenda AC9 Access Control Error Vulnerability
Tenda AC9 is a wireless router from Tenda China. An access control error vulnerability exists in Tenda AC9 version 15.03.05.14_multi, which stems from improper handling of configuration files and could lead to information disclosure...
PT-2025-49758
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.14 multi. Description: A flaw exists in Tenda AC9 version 15.03.05.14 multi related to an unknown functionality within the /cgi-bin/DownloadCfg.jpg file of the Configuration File Handler component. This issue allows fo...
WordPress plugin WebP Express Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
SUSE-SU-2025:21084-1 Security update for sssd
This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...
CVE-2019-25227
Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...
CVE-2019-25227 Tellion HN-2204AP Unauthenticated Configuration Disclosure
Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...
CVE-2019-25227
Tellion HN-2204AP routers are affected by CVE-2019-25227 due to an unauthenticated disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without authentication or authorization, potentially expos...
MegaTec ClientMate Security Vulnerability
MegaTec ClientMate is a power management software from MegaTec, a company based in Taiwan, China. A security vulnerability exists in MegaTec ClientMate that stems from insecure permissions in the C:\usr directory, which could lead to configuration file replacement or DLL hijacking...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass in the process of obtaining the external control key from the configuration file. An attacker can access arbitrary files with elevated privileges by leveraging authenticated access with low-level privileges...
Siemens SICAM Q100/Q200 Cleartext Storage of Sensitive Information (CVE-2025-40753)
Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes. This plugin only works with Tenable.ot. Please visit...
CVE-2025-9982
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...
CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
Malicious code in pulsar-crust-acamar-technosignature (npm)
Source: amazon-inspector ca5355cbd68aac1da711412886e7e3a77b66c193fddd4cfb2ff2a0ed9e7726b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176671
Malicious code in resolvers-superflare-chalk-ini npm...
Malicious code in double-uglify-long-static-cron (npm)
Source: amazon-inspector 86cbddf969fda2c0a80a2252a875d61720e0aa7aa2b2a5725fd102e01d1f0c6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...