
27 matches found

NVD
added last week | 12 views

CVE-2026-53831

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

CVSS: 8.3 | EPSS: 0.00191
Exploits: 0 | References: 2

OSV
added 2026/05/14 1:13 p.m. | 4 views

GHSA-2RC4-7JC6-QFFH Fleet has a Windows MDM management endpoint authentication bypass

Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00214
Exploits: 0 | References: 5

Cvelist
added 2026/03/27 7:19 p.m. | 20 views

CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

CVSS: 8.7 | EPSS: 0.00161
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/07 8:51 a.m. | 5 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

AI score: 5.8 | EPSS: 0.0111
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2026/01/27 10:15 p.m. | 1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00342
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/27 9:23 p.m. | 3 views

CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00342
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 10:0 a.m. | 13 views

CVE-2020-7215

An issue was discovered in Gallagher Command Centre 7.x before 7.90.991MR5, 8.00 before 8.00.1161MR5, and 8.10 before 8.10.1134MR4. External system configuration data used for third party integrations such as DVR systems were logged in the Command Centre event trail. Any authenticated operator wi...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00301
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 12:41 a.m. | 10 views

CVE-2025-63391

An authentication bypass vulnerability exists in Open-WebUI =0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00548
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-16391

Malware in sbrugna...

CVSS: 9.1 | AI score: 9 | EPSS: 0.00988
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-0234

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.02404
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-30325

Malware in sbrugna...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00862
Exploits: 0 | References: 2

CVE
added 2025/08/12 7:1 p.m. | 23 views

CVE-2025-55169

WeGIA is vulnerable to a path traversal flaw in the html/socio/sistema/download_remessa.php endpoint prior to version 3.4.8. The issue allows unauthorized access to local server files and exposes sensitive configuration data via config.php, which could reveal database credentials. The vulnerabil...

CVSS: 10 | AI score: 6.6 | EPSS: 0.01448
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/05/22 8:37 p.m. | 4 views

CVE-2021-35036

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50ABTL.0b2k could allow an authenticated attacker to obtain sensitive information from the configuration file...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00457
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:54 p.m. | 4 views

CVE-2020-9519

HTTP methods revealed in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00862
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:48 a.m. | 5 views

CVE-2019-6837

A Server-Side Request Forgery SSRF: CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.00988
Exploits: 0 | References: 1

CNNVD
added 2024/10/29 12:0 a.m. | 1 views

Scoold security vulnerability

Scoold is an open source team quiz and knowledge sharing platform by Erudika. Scoold suffers from a security vulnerability that stems from a semicolon path injection vulnerability found in the /api;/config endpoint, where by appending a semicolon to a URL, an attacker can bypass authentication an...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.01008
Exploits: 0 | References: 1

CNNVD
added 2024/10/16 12:0 a.m. | 3 views

Cisco UCS Central security vulnerability

Cisco UCS Central is a server management software from Cisco USA. The software supports the management of multiple Cisco UCS instances or domains in different locations and environments. Up to 10,000 Cisco UCS servers blades, racks, and minis and Cisco HyperFlex systems can be supported using the...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00112
Exploits: 0 | References: 3

BDU FSTEC
added 2023/11/15 12:0 a.m. | 3 views

The vulnerability of the software for designing, operating, and maintaining COMOS technological installations lies in the transfer of accounting data in unencrypted form, allowing a perpetrator to gain access to configuration data.

The vulnerability of COMOS’ software for the design, operation, and maintenance of technological installations lies in the transfer of accounting data in an unencrypted form. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to configuration data...

CVSS: 3.5 | AI score: 7.2 | EPSS: 0.00309
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2022/11/29 12:0 a.m. | 19 views

WAVLINK WN531G3 security vulnerability

The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02756
Exploits: 1 | References: 2

NVD
added 2020/03/16 1:15 p.m. | 11 views

CVE-2020-9519

HTTP methods revealed in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00862
Exploits: 0 | References: 1