CVE-2026-36538

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...

Ella Core 安全漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of whether the...

Synology Assistant 访问控制错误漏洞

Synology Assistant is a network storage device discovery and management tool provided by the Chinese company Synology. Versions of Synology Assistant prior to 7.0.6-50085 contained a access control vulnerability caused by a source verification error. This vulnerability could allow local users to...

Synology ActiveProtect Agent 访问控制错误漏洞

Synology ActiveProtect Agent is a terminal data backup and recovery agent provided by the Chinese company Synology. Versions of Synology ActiveProtect Agent prior to 1.1.0-0439 contained a access control vulnerability caused by a source validation error. This vulnerability could allow local users...

Goobi viewer - Core 访问控制错误漏洞

Goobi Viewer - Core is a digital data display and browsing web application framework developed by intranda GmbH. In versions 4.8.0 to 26.04.1 of Goobi Viewer - Core, there was an access control vulnerability. This vulnerability stemmed from REST endpoints accepting arbitrary Solr stream expressio...

WeGIA 输入验证错误漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.7.3 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter...

CVE-2026-33552

Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...

PT-2026-43638

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

PT-2026-43661

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

CVE-2026-45918

ovpn: tcp - dont deref NULL sksocket member after tcpclose...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the igorplugusb driver not following the DMA consistency rules for USB control requests,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to return an error code when restoring the host CR3 during a nested VMEXIT, but this...

WordPress plugin Adminimize 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-43455

Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...

PT-2026-44025

Name of the Vulnerable Software and Affected Versions DearFlip versions prior to 2.4.28 Description A missing authorization issue in DearHive DearFlip allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails ...

PT-2026-44045

Name of the Vulnerable Software and Affected Versions The Post Grid versions prior to 7.9.3 Description A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 7.9.2...

PT-2026-43785

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the OpenVPN implementation within the Linux kernel. When a peer is deleted due to keepalive expiration, it is moved to a release list for processing via the ov...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the lack of validation when ICMP reply types exceed the range of the icmppointers array, potentially...

FileRise 访问控制错误漏洞

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.12.0 contained an access control vulnerability. This vulnerability stemmed from the /api/totpsetup.php endpoint, which could be accessed via a session that only requires password...

HCL BigFix Remote Control Server WebUI 安全漏洞

HCL BigFix Remote Control Server WebUI is a web interface provided by the Indian company HCL for remote management and control. HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect configuration of content...