1179 matches found
CVE-2025-11725
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings,...
CVE-2025-11725
The CVE-2025-11725 entry concerns the Aruba HiSpeed Cache WordPress plugin, affected up to version 3.0.2. The vulnerability arises from missing capability checks in multiple functions, allowing unauthenticated attackers to modify the plugin’s configuration settings and enable/disable features. Im...
PT-2026-20574
Name of the Vulnerable Software and Affected Versions Aruba HiSpeed Cache versions up to and including 3.0.2 Description The Aruba HiSpeed Cache plugin for WordPress is susceptible to unauthorized data modification because of absent capability checks in several functions. This allows...
CVE-2026-2250
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
CVE-2026-2250
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
CVE-2026-2250
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
CVE-2026-2250
METIS WIC devices expose /dbviewer/ without authentication, allowing remote access to an internal telemetry SQLite database containing sensitive operational data. The issue is compounded by debug mode being enabled, which returns verbose Django tracebacks that disclose backend source code, local ...
PT-2026-7599
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
Keycloak < 26.4.4 Debug Mode JDWP Port Exposure (CVE-2025-11538)
The version of Keycloak installed on the remote host is prior to 26.4.4. It is, therefore, affected by a Port Exposure vulnerability: - A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port ...
GHSA-VG9H-JX4V-CWX2 Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Summary The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.rundebug=..., so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...
Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Summary The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.rundebug=..., so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005152)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005152 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4extshowleaf In ext4findextent, path may be freed by error or be...
sonarcloud-poc
SonarCloud PoC - SAST Test Projeto de teste para validar dete...
CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...
Amazon Linux 2023 : ansible (ALAS2023-2025-1330)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1330 advisory. A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when runni...
Symfony Conflicting Headers Information Disclosure
The remote web application is using Symfony, a PHP framework. It is affected by an information disclosure vulnerability arising from conflicting proxy headers. When both 'Forwarded' and 'X-Forwarded-' headers are present in a request, a misconfiguration in Symfony's trusted proxy settings can...
PT-2026-26015
Name of the Vulnerable Software and Affected Versions Xen affected versions not specified Description A guest issuing a Xenstore command accessing a node using the path '/local/domain/' can cause xenstored to crash due to a corrupted error indicator during node path verification. The crash is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992973)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992973 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4extshowleaf In ext4findextent, path may be freed by error or be...