EUVD-2026-34276

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

CVE-2026-49204

Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

EUVD-2026-34216

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

Debug Endpoint pprof - Exposure Detection

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...

CVE-2026-49185 Instruction Injection via FieldX MDM

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVE-2026-49185

The CVE-2026-49185 entry concerns FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling command/instruction injection. Affected component: adb messaging topic within FieldX MDM; root cause is unverified payloads executed via Runtime.exec(). Imp...

CVE-2026-35906

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

PT-2026-46155

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

CVE-2026-35906

CVE-2026-35906 affects T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. The vulnerability stems from an undocumented debug CGI endpoint that is accessible without authentication, allowing an attacker to supply a crafted HTTP query string to execute arbitrary commands with root privile...

PT-2026-46242

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

CVE-2026-35906

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

Linux Distros Unpatched Vulnerability : CVE-2026-45878

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper...

PT-2026-46055

ParsedReport ChatGPT Translated Autotext: TI Report Analyser + ChatGPT + Auto Translate ------ В марте 2023 года был обнаружен вариант ботнета Gafgyt под названием C0XMO, использующий уязвимость CVE-2021-27137 в маршрутизаторах DD-WRT для распространения на различные архитектуры Linux. ВПО...

CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...