
219602 matches found

CNNVD
added 2026/05/19 12:0 a.m., 10 views

ID withdrawn

BYD Atto3 is a pure electric compact SUV produced by BYD Corporation of China. The BYD Atto3 has a security vulnerability. This vulnerability allows attackers to obtain permanently valid authentication keys through brute-force attacks, enabling them to perform flash memory operations on the ECUs...

AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1

CNNVD
added 2026/05/19 12:0 a.m., 11 views

Mozilla Firefox and Mozilla Thunderbird access control error vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

CVSS 6.5 | AI score 5.8 | EPSS 0.00206
Exploits 0 | References 1

Positive Technologies
added 2026/05/19 12:0 a.m., 34 views

PT-2026-41842

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...

CVSS 6.3 | AI score 5.8 | EPSS 0.00252
Exploits 0 | References 2

Cvelist
added 2026/05/19 12:0 a.m., 32 views

CVE-2025-61081

...

EPSS 0.00029
Exploits 0

CNNVD
added 2026/05/19 12:0 a.m., 7 views

CtrlPanel.gg access control error vulnerability

CtrlPanel.gg is an open-source host service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a security vulnerability related to access control. This vulnerability arose from multiple administrator controllers performing permission checks on...

CVSS 8.1 | AI score 5.8 | EPSS 0.00297
Exploits 0 | References 1

CNNVD
added 2026/05/19 12:0 a.m., 8 views

MLflow access control error vulnerability

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Version 3.9.0 of MLflow contains a security vulnerability related to access control. This...

CVSS 9.6 | AI score 7.6 | EPSS 0.00371
Exploits 1 | References 1

CNNVD
added 2026/05/19 12:0 a.m., 7 views

Apache OFBiz access control error vulnerability

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to access control, which stemmed fro...

CVSS 5.3 | AI score 5.8 | EPSS 0.00416
Exploits 0 | References 1

Arista
added 2026/05/19 12:0 a.m., 29 views

Security Advisory 0139

Security Advisory 0139 PDF
Date: May 19, 2026

Revision | Date | Changes
---|---|---
1.0 | May 19, 2026 | Initial release

The CVE-ID tracking this issue: CVE-2025-49844
CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSSv4.0 Base Score: 9.4...

CVSS 9.9 | AI score 7.7 | EPSS 0.86268
Exploits 14

Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41892

Name of the Vulnerable Software and Affected Versions: Sparx Pro Cloud Server versions 6.1 build 167 and earlier
Description: Broken Access Control exists in the communication with the database. Due to a lack of permission checks, a low privileged user can execute arbitrary SQL queries within the...

CVSS 8.8 | AI score 6.1 | EPSS 0.00598
Exploits 2 | References 8

CNNVD
added 2026/05/19 12:0 a.m., 8 views

Sparx Systems Sparx Pro Cloud Server security vulnerability

Sparx Systems' Sparx Pro Cloud Server is a modeling and service platform developed by the Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server prior to version 6.1 contained security vulnerabilities. The...

CVSS 8.8 | AI score 6.1 | EPSS 0.00598
Exploits 2 | References 1

CNNVD
added 2026/05/19 12:0 a.m., 11 views

WordPress plugin Presto Player security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 4.3 | AI score 5.8 | EPSS 0.00238
Exploits 0 | References 1

EUVD
added 2026/05/19 12:0 a.m., 15 views

EUVD-2025-209899

In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Brake (EPB) and Supplemental Restoration System (SRS) related ECUs...

CVSS 7.5 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 2

ATTACKERKB
added 2026/05/19 12:0 a.m., 6 views

CVE-2025-61081

DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 5.8 | EPSS 0.00029
Exploits 0 | References 3

CNNVD
added 2026/05/19 12:0 a.m., 7 views

Apache OFBiz authorization issue vulnerability

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had vulnerabilities related to authorization issues, which stemmed from imprope...

CVSS 6.5 | AI score 5.8 | EPSS 0.00513
Exploits 0 | References 1

CNNVD
added 2026/05/19 12:0 a.m., 11 views

Mantis Bug Tracker information disclosure vulnerability

Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability stemmed from allowing users to list and download attachments that they had...

CVSS 5.3 | AI score 5.8 | EPSS 0.00362
Exploits 0 | References 1

CNNVD
added 2026/05/19 12:0 a.m., 8 views

Mantis Bug Tracker access control error vulnerability

Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained an access control vulnerability. This vulnerability stemmed from insufficient access control checks in the ProjectUsersAddCommand, allowing users...

CVSS 5.1 | AI score 5.8 | EPSS 0.00427
Exploits 0 | References 1

Vulnrichment
added 2026/05/19 12:0 a.m., 6 views

CVE-2025-61081

In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Brake (EPB) and Supplemental Restoration System (SRS) related ECUs...

AI score 5.8 | EPSS 0.00029
Exploits 0 | References 2

Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-42362

Summary: A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

CVSS 4.9 | AI score 5.8
Exploits 0 | References 3

Positive Technologies
added 2026/05/19 12:0 a.m., 13 views

PT-2026-42011

Name of the Vulnerable Software and Affected Versions: ZKTeco CCTV cameras (affected versions not specified)
Description: An issue exists in ZKTeco CCTV cameras that allows unauthenticated users to export configuration data, which leads to the exposure of administrator credentials.
Recommendations...

CVSS 9.1 | AI score 5.8 | EPSS 0.00507
Exploits 0 | References 8

Positive Technologies
added 2026/05/19 12:0 a.m., 13 views

PT-2026-41983

Name of the Vulnerable Software and Affected Versions: BYD Atto3 (affected versions not specified)
Description: An attacker can obtain a permanently available authentication key through a Brute Force attack. This key allows unauthorized flashing of the Electronic Parking Brake (EPB) and Supplemental...

CVSS 7.5 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4