CVE-2019-25717

CVE-2019-25717 affects Dräger Infinity Delta, Delta XL, and Kappa patient monitors. The vulnerability allows unauthenticated attackers over a network to access exposed log files, exposing device internals, location data, and wired network configuration details. No root cause or remediation detail...

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

PT-2026-45213

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

CVE-2026-5065

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVE-2026-5065

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

EUVD-2026-32423

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVE-2026-5065

CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...

PT-2026-44056

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The executeQuery automation step accepts a queryId from automation step inputs and passes it to the query execution controller without additional validation. When a REST datasource is configured to...

Budibase 代码问题漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained code-related vulnerabilities. These vulnerabilities stemmed from the OAuth2 tok...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the UDM component failing to validate the supi path parameters of the six GET processors in the nudm-sdm...

IBM Controller 信任管理问题漏洞

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines IBM. Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

EUVD-2026-31347

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...

CVE-2026-8236

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...

CVE-2026-8236

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from missing identity verification mechanisms, which could allow unauthorized access to internal site structure data...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-43897

CVE-2026-43897 affects the link-preview-js library. Prior to version 4.0.1, it did not validate IPv6 loopback addresses and could also resolve certain addresses to internal IPs via DNS, enabling potential internal data leaks when extracting link information. The vulnerability is fixed in version ...

CVE-2025-15633

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...

CVE-2025-15633

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...