23 matches found
CVE-2026-55761
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...
EUVD-2026-35441
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
CVE-2026-10523
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
PT-2026-47807
Name of the Vulnerable Software and Affected Versions Ivanti Sentry versions prior to R10.5.2 Ivanti Sentry versions prior to R10.6.2 Ivanti Sentry versions prior to R10.7.1 Description An authentication bypass allows a remote unauthenticated attacker to create arbitrary administrative accounts a...
CVE-2026-9039
CVE-2026-9039 affects the XCharge C6 via a configuration weakness in the device’s remote management service. An authenticated session can be established over a channel intended only for vehicle-charger signaling. The service is exposed on interfaces at the charging connector and accepts a default...
CVE-2026-9039
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
EUVD-2026-33004
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
Google Cloud AlloyDB for PostgreSQL 安全漏洞
Google Cloud AlloyDB for PostgreSQL is a cloud-native, high-performance relational database service from Google Inc. That service is compatible with PostgreSQL. Versions of Google Cloud AlloyDB for PostgreSQL prior to 2025-11-03 contained a security vulnerability. This vulnerability stemmed from...
CVE-2026-8077 Weak credentials vulnerability in the CashDro 3 web administration panel
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...
PT-2026-33880
Name of the Vulnerable Software and Affected Versions Neko versions 3.0.0 through 3.0.10 Neko versions 3.1.0 through 3.1.1 Description An issue allows any authenticated user to obtain full administrative control of the Neko instance, including member management, room settings, broadcast control,...
CVE-2025-10878
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full...
PT-2026-1869
Name of the Vulnerable Software and Affected Versions Intelbras CFTV IP NVD 9032 R Ftd version 2.800.00IB00C.0.T Description A security issue exists in Intelbras CFTV IP NVD 9032 R Ftd version 2.800.00IB00C.0.T that allows an unauthenticated attacker to bypass the multi-factor authentication MFA...
CData API Server 安全漏洞
CData API Server is a server for creating, deploying, and managing custom APIs from CData. This server provides a highly scalable platform that helps organizations quickly build and expose APIs to communicate with different data sources. A security vulnerability exists in versions prior to CData...
Siemens Location Intelligence Perpetual 信任管理问题漏洞
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a Use Hardcoded Credentials vulnerability that can be exploited by an attacke...
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...
TIBCO Security Advisory: August 9, 2022 - TIBCO FTL -CVE-2022-30573
TIBCO FTL Privilege Escalation Original release date: August 9, 2022 Last revised: --- CVE-2022-30573 Source: TIBCO SoftwareInc. Products Affected TIBCO FTL - Community Edition versions 6.0.0 through 6.8.0 TIBCO FTL - Developer Edition versions 6.0.1 through 6.8.0 TIBCO FTL - Enterprise Edition...
Auerswald Compact 系列安全漏洞
The Auerswald Compact Series is an Ict solution from Auerswald Germany. a security vulnerability exists in the Auerswald Compact Series that could be exploited by an attacker to access a web-based management application for full administrative access to the device...
Auerswald COMpact 8.0B - Multiple Backdoors Vulnerability
Exploit Title: Auerswald COMpact 8.0B - Multiple Backdoors Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to...
CVE-2020-4427
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process...
Cisco IOS 11.x/12.x HTTP Configuration Arbitrary Administrative Access Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/2936/info IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. It is possible to gain full remote administrative access on devices usi...