95 matches found

Positive Technologies
added 2026/02/18 12:0 a.m. | 8 views

PT-2026-20792

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15 Description: A stored Cross-Site Scripting (XSS) issue exists in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without proper escaping. A crafted value containing cou...

CVSS 5.8 | AI score 5.8 | EPSS 0.00228
Exploits: 1 | References: 13

GithubExploit
added 2026/02/08 12:28 p.m. | 587 views

Exploit for CVE-2025-49132

CVE-2025-49132 - Pterodactyl Panel Unauthenticated RCE...

CVSS 10 | AI score 5.7 | EPSS 0.13105
Exploits: 28

ATTACKERKB
added 2026/01/17 8:24 a.m. | 4 views

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00261
Exploits: 0 | References: 6

CVE
added 2026/01/09 6:34 a.m. | 20 views

CVE-2025-14574

The connected Wordfence entry confirms CVE-2025-14574 affecting the weDocs plugin for WordPress (versions up to 2.1.15) via an unauthenticated exposure at the REST endpoint /wp-json/wp/v2/docs/settings, enabling retrieval of sensitive data including third‑party API keys. The CVSS v3.1 base score ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00318
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/06 5:49 a.m. | 4 views

CVE-2025-12577 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

CVSS 4.3 | AI score 4.8 | EPSS 0.00158
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/14 10:49 p.m. | 6 views

CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json

Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

CVSS 8.7 | AI score 6.9 | EPSS 0.00402
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-9680

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01166
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0750

Malware in sbrugna...

CVSS 9.8 | AI score 8.6 | EPSS 0.05329
Exploits: 0 | References: 40

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-23497

Malicious code in bioql PyPI...

CVSS 3.7 | AI score 4.1 | EPSS 0.00252
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

CVSS 9.8 | AI score 7.5 | EPSS 0.05681
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific...

CVSS 7.5 | AI score 7.2 | EPSS 0.21949
Exploits: 2 | References: 2

RedhatCVE
added 2025/08/06 11:23 a.m. | 4 views

CVE-2025-8515

A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high complexity level is...

CVSS 3.7 | AI score 4 | EPSS 0.00252
Exploits: 0 | References: 1

NVD
added 2025/08/04 11:15 a.m. | 6 views

CVE-2025-8515

A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high complexity level is...

CVSS 3.7 | EPSS 0.00252
Exploits: 0 | References: 4

CVE
added 2025/08/04 10:32 a.m. | 29 views

CVE-2025-8515

The CVE-2025-8515 entry concerns Intelbras InControl 2.21.60.9. The vulnerability affects the unknown code path in the /v1/operador/ JSON Endpoint, enabling information disclosure when manipulated remotely. Exploitation is described as high complexity with no required user interaction and no priv...

CVSS 3.7 | AI score 3.7 | EPSS 0.00252
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/08/04 10:32 a.m. | 11 views

CVE-2025-8515 Intelbras InControl JSON Endpoint operador information disclosure

A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high complexity level is...

CVSS 3.1 | EPSS 0.00252
Exploits: 0 | References: 4

Vulnrichment
added 2025/08/04 10:32 a.m. | 3 views

CVE-2025-8515 Intelbras InControl JSON Endpoint operador information disclosure

A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high complexity level is...

CVSS 3.1 | AI score 3.7 | EPSS 0.00252
Exploits: 0 | References: 4

Positive Technologies
added 2025/08/04 12:0 a.m. | 7 views

PT-2025-31805 · Intelbras · Intelbras Incontrol

Name of the Vulnerable Software and Affected Versions: Intelbras InControl version 2.21.60.9 Description: A vulnerability exists in Intelbras InControl that allows for information disclosure. The issue is related to the processing of the /v1/operador/ JSON Endpoint. The exploitation of this issue...

CVSS 3.7 | AI score 3.6 | EPSS 0.00252
Exploits: 0 | References: 9

RedhatCVE
added 2025/03/22 11:26 a.m. | 10 views

CVE-2024-8616

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVSS 8.2 | AI score 6.9 | EPSS 0.00514
Exploits: 1 | References: 1

OSV
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-8616

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVSS 8.2 | AI score 5.9 | EPSS 0.00514
Exploits: 1 | References: 1

OSV
added 2024/10/01 8:15 p.m. | 4 views

CVE-2024-9411

A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dictvalue leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.3 | AI score 3.9 | EPSS 0.00337
Exploits: 0 | References: 3