CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the POST /reset-profile endpoint, which could allow callers with the...

EUVD-2026-20544

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

EUVD-2024-55533

Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication handling to obtain elevated...

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

CVE-2026-2699

CVE-2026-2699 affects Progress ShareFile Storage Zones Controller (SZC). An unauthenticated attacker can bypass authentication to access restricted configuration pages (notably via the Admin.aspx path), enabling changes to system configuration and potentially enabling remote code execution. The i...

CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

EUVD-2026-17107

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

EUVD-2025-209110

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

CVE-2021-27388

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control...

CVE-2026-32678

The CVE-2026-32678 entry describes an authentication bypass vulnerability in BUFFALO Wi‑Fi router products. The issue would allow an attacker to alter critical configuration settings without authentication, compromising device configuration integrity and potentially impacting network management. ...

Fleet SQL注入漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a SQL...

Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...

CVE-2026-26213

thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

EUVD-2026-12653

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any...

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...