66 matches found

EUVD
added 2026/05/10 7:10 p.m., 7 views

EUVD-2026-28995

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured, for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

AI score: 5.8, EPSS: 0.00219
Exploits: 0, References: 2

CNNVD
added 2026/04/24 12:0 a.m., 8 views

SenseLive X3050 Security Vulnerability

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability. This vulnerability stems from insufficient verification and security controls during modifications to critical system...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00324
Exploits: 0, References: 1

OSV
added 2026/04/13 6:9 a.m., 4 views

BIT-GITLAB-2026-1516 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00428
Exploits: 0, References: 4

UbuntuCve
added 2026/04/08 11:16 p.m., 0 views

CVE-2026-1516

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00428
Exploits: 0, References: 4

Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31540

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.0.0 through 18.8.8, 18.9.0 through 18.9.4, and 18.10.0 through 18.10.2. Description: GitLab EE versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 contained an issue in Code Quality reports that...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00428
Exploits: 0, References: 9

NVD
added 2026/04/06 8:16 p.m., 4 views

CVE-2026-35185

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

CVSS: 8.7, EPSS: 0.00355
Exploits: 1, References: 1

Vulnrichment
added 2026/04/06 2:48 p.m., 3 views

CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

CVSS: 3.4, AI score: 5.9, EPSS: 0.00145
Exploits: 0, References: 1

Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29362

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00376
Exploits: 1, References: 3

Github Security Blog
added 2026/03/16 3:30 p.m., 5 views

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation, which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals, e.g., ::ffff:127.0.0.1. Mattermost...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00165
Exploits: 0, References: 4, Affected Software: 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000843)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000843 advisory. The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service host OS...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00558
Exploits: 0, References: 29

Vulnrichment
added 2026/01/15 11:25 p.m., 3 views

CVE-2021-47791 SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00467
Exploits: 1, References: 4

CVE
added 2025/12/12 11:15 a.m., 12 views

CVE-2025-14442

CVE-2025-14442 affects the Secure Copy Content Protection and Content Locking WordPress plugin. Affected versions up to and including 4.9.2 store exported CSV files in a publicly accessible directory with predictable filenames, enabling unauthenticated access to sensitive user data (emails, IP ad...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00275
Exploits: 0, References: 4

Vulnrichment
added 2025/12/01 12:43 p.m., 3 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

AI score: 6.7, EPSS: 0.00529
Exploits: 0, References: 2

Positive Technologies
added 2025/12/01 12:0 a.m., 7 views

PT-2025-48441

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.7 alpha1 through 2.7 rc1. Description: A flaw exists in OpenVPN due to inadequate argument validation. This issue allows an attacker to potentially cause a heap buffer over-read when processing IP addresses. Recommendations...

CVSS: 9.4, AI score: 8, EPSS: 0.00529
Exploits: 0, References: 11

Positive Technologies
added 2025/11/13 12:0 a.m., 4 views

PT-2025-46785

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax get comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, I...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00256
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/11 12:0 a.m., 8 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2025-081 (ALASECS-2025-081)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-081 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00586
Exploits: 0, References: 22

OSV
added 2025/11/06 9:15 p.m., 3 views

PYSEC-2025-126

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

CVSS: 3.5, AI score: 5.8, EPSS: 0.00158
Exploits: 0, References: 2

OSV
added 2025/11/06 8:55 p.m., 6 views

CVE-2025-64326 Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

CVSS: 2.6, AI score: 6.7, EPSS: 0.00158
Exploits: 0, References: 4

CNNVD
added 2025/11/06 12:0 a.m., 5 views

Weblate Security Vulnerability

Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate 5.14 and earlier versions, which stems from audit logs leaking project member IP addresses, potentially leading to information disclosure...

CVSS: 3.5, AI score: 6.2, EPSS: 0.00158
Exploits: 0, References: 2

Vulnrichment
added 2025/10/22 8:15 a.m., 5 views

CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00599
Exploits: 0, References: 1