6500 matches found
SUSE CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
CTEK Chargeportal 代码问题漏洞
CTEK Chargeportal is an electric vehicle charging management platform developed by the Swedish company CTEK. CTEK Chargeportal has code-related vulnerabilities; these vulnerabilities stem from the predictable nature of session identifiers and the ability for multiple endpoints to use the same...
Kubernetes(K8s) 安全漏洞
Kubernetes K8s is an open-source system developed under the Kubernetes project, used for automated deployment, scaling, and management of containerized applications. There is a security vulnerability in Kubernetes K8s, which stems from insufficient validation of the subDir parameter in volume...
PT-2026-26694
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
PT-2026-26695
CVE-2026-28204 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. https://t.co/aldAqfvMsO...
SUSE: Security Advisory (SUSE-SU-2026:0911-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IGL-Technologies eParking.fi 代码问题漏洞
IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has code vulnerabilities; these vulnerabilities stem from predictable WebSocket backend...
PT-2026-26700
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
PT-2026-26699
CVE-2026-31926 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. https://t.co/dYBTlDrxSN...
PT-2026-26669
GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt remote dataset id function within src/gmt remote.c. This issue occurs when a speciall...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo 25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /objects/phpsessionid.json.php file exposing the PHP session ID, along with improper...
CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...
CVE-2026-32021
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...
CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...
Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets
Summary Predictable secret ID and lack of secret origin API enable confused deputy attacks on Juju workloads. Details A Juju application can create a secret and grant it to another integrated application grantee. When they do so, the secret owner has to communicate the secret id to the grantee. T...
HCL AION Information Disclosure Vulnerability (CNVD-2026-15145)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the predictability of certain identifiers, which can be exploited by an attacker to cause the attacker to infer or guess system-generated values, triggerin...
CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
UBUNTU-CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...