2727 matches found
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
EUVD-2025-208377
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765 Unchecked role in wwwupload.cgi
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
The CVE-2025-41765 issue centers on an unchecked authorization enforcement in the wwwupload.cgi endpoint, enabling an unauthorized remote attacker to upload and apply arbitrary data. The known impact includes the ability to introduce contact images, HTTPS certificates, system backups for restorat...
PT-2026-24035
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41765 Description Insufficient authorization enforcement allows a remote attacker to upload and apply arbitrary data through the wwwupload.cgi endpoint. This includes contact images, HTTPS certificates, system backups,...
CVE-2026-30859
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...
CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...
CVE-2026-30859
WeKnora prior to version 0.2.12 suffers broken access control in the database query tool, allowing any authenticated tenant to read data from other tenants (models, messages, embeddings) including API keys and model configurations due to failure to enforce tenant isolation on critical tables. The...
UptimeFlare 信息泄露漏洞
UptimeFlare is a cloud-based website availability monitoring and status page software developed by lyc8503 as an individual developer. UptimeFlare has a vulnerability related to information leakage, which stems from the direct import of server-side configurations from client code, potentially...
CVE-2026-27944
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...
Malicious code in webmd-url (npm)
Package exfiltrates data via pre/postinstall scripts, and has a suspicious main entrypoint targeting MongoDB configurations. Package extracts data like username, hostname and current working directory and sends it to malicious domain http://4v6heh2m.requestrepo.com/depconf/webmd-url/ --- -= Per...
MAL-2026-1260 Malicious code in webmd-url (npm)
Package exfiltrates data via pre/postinstall scripts, and has a suspicious main entrypoint targeting MongoDB configurations. Package extracts data like username, hostname and current working directory and sends it to malicious domain http://4v6heh2m.requestrepo.com/depconf/webmd-url/ --- -= Per...
EUVD-2026-9789
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the globally readable...
OpenClaw 加密问题漏洞
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a cryptographic issue vulnerability that stems from the use of SHA-1 hashed Docker and browser sandbox configurations of the sandbox identifier cache key, which can be exploited by an attacker to enable...
Authentication Bypass
Apache Tomcat is vulnerable to Authentication Bypass. The vulnerability is due to improper validation between the TLS SNI hostname and the HTTP Host header, allowing a client to send mismatched hostnames and bypass client certificate authentication in configurations with multiple virtual hosts...
CVE-2026-28195
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...