EUVD-2026-31324

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

PT-2026-39647

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-rc.2 Description The Twig sandbox allow-list permits any user with the admin.pages role to call the config.toArray function from within a page body. This action dumps the entire merged site configuration into the...

GHSA-VRQV-52X7-RM4V Kimai's Twig function config() leaks server-wide secrets (LDAP bind password, SAML SP private key) via invoice/export templates

Summary Kimai's Twig sandbox StrictPolicy, used for admin-uploaded invoice and export templates allow-lists the config Twig function with no key filtering. configname delegates to App\Configuration\SystemConfiguration::find$name, which returns arbitrary entries from the flattened kimai.config...

CVE-2026-30778 Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

CVE-2025-1787

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege...

CVE-2025-1787

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege...

CVE-2025-1787

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege...

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.13 of the Edimax EW-7438RPn contains a security vulnerability. This vulnerability stems from an information leakage flaw, allowing attackers to retrieve sensitive information stored in device...

CVE-2023-53896

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...

EUVD-2025-197664

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...

EUVD-2007-3509

Malware in sbrugna...

EUVD-2021-19513

Malware in sbrugna...

EUVD-2025-26429

Malicious code in bioql PyPI...

Output Messenger < 2.0.63 Multiple Vulnerabilities

The version of Output Messenger formerly Srimax Output Messenger is affected by multiple vulnerabilities, as follows: - Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access...

Srimax Output Messenger Directory Traversal Vulnerability

Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVE-2025-27920

CVE-2025-27920 affects Output Messenger prior to version 2.0.63 (Windows) with a directory traversal vulnerability in the Output Messenger Server Manager that allows an authenticated user to use ../../.. sequences in file-path parameters to access files outside the intended directory, potentially...

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

PT-2025-19714 · Unknown · Output Messenger

Name of the Vulnerable Software and Affected Versions: Output Messenger versions prior to 2.0.63 Description: The issue is related to a directory traversal vulnerability in the Output Messenger Server Manager application. This vulnerability allows remote attackers to access sensitive files outsid...

quarkus-core: Leak of local configuration properties into Quarkus applications

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...