
31 matches found

Cvelist
added 2026/06/12 12:51 p.m. | 25 views

CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

CVSS 5.9 | EPSS 0.00208
Exploits 1 | References 3
RedhatCVE
added 2026/06/05 7:19 p.m. | 10 views

CVE-2026-5777

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading...

CVSS 8.7 | AI score 5.5 | EPSS 0.00261
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:16 p.m. | 7 views

CVE-2026-42373

D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

CVSS 9.8 | AI score 5.5 | EPSS 0.00472
Exploits 1 | References 1
OSV
added 2026/05/29 8:18 p.m. | 11 views

GHSA-RFG2-PJW2-56X2 zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood

Impact: DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...

CVSS 6.5 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 4
Positive Technologies
added 2026/05/27 12:0 a.m. | 14 views

PT-2026-44001

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...

CVSS 8.7 | AI score 5.9 | EPSS 0.00215
Exploits 0 | References 2
Cvelist
added 2026/05/26 8:59 p.m. | 35 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

CVSS 6.5 | EPSS 0.00162
Exploits 0 | References 2
RedhatCVE
added 2026/05/12 8:20 a.m. | 11 views

CVE-2026-42072

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...

CVSS 9.8 | AI score 5.7 | EPSS 0.0044
Exploits 0 | References 1
CNNVD
added 2026/05/08 12:0 a.m. | 7 views

NornicDB Security Vulnerability

NornicDB is a fusion database developed by TJ Sweet, which supports graph, vector, and historical data queries. Versions of NornicDB prior to 1.0.42-hotfix contained security vulnerabilities. These vulnerabilities stemmed from the Bolt listener always binding to wildcard addresses, ignoring user...

CVSS 9.8 | AI score 5.8 | EPSS 0.0044
Exploits 0 | References 2
Positive Technologies
added 2026/04/22 12:0 a.m. | 7 views

PT-2026-37166

Name of the Vulnerable Software and Affected Versions: Nornicdb versions prior to 1.0.42-hotfix. Description: The Bolt listener always binds to the wildcard address (all interfaces), regardless of the user configuration. This occurs because the --address CLI flag, the NORNICDB ADDRESS environment...

CVSS 9.8 | AI score 6.1 | EPSS 0.0044
Exploits 0 | References 14
CVE
added 2026/04/10 11:40 a.m. | 11 views

CVE-2026-5777

The CVE-2026-5777 entry concerns the Atom 3x Projector with an improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication. An unauthenticated attacker on the same network can obtain root-level access, enabling complete device compromise per the descr...

CVSS 8.7 | AI score 5.8 | EPSS 0.00261
Exploits 0 | References 1
Cvelist
added 2026/04/10 11:40 a.m. | 27 views

CVE-2026-5777 Security Misconfiguration Vulnerability in Atom 3x Projector

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading...

CVSS 8.7 | EPSS 0.00261
Exploits 0 | References 1
Positive Technologies
added 2026/04/10 12:0 a.m. | 3 views

PT-2026-31911

Name of the Vulnerable Software and Affected Versions: Atom 3x Projector (affected versions not specified). Description: The Atom 3x Projector is affected by an issue due to the improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00261
Exploits 0 | References 5
CNNVD
added 2026/01/08 12:0 a.m. | 5 views

KAYSUS KS-WR1200 Security Vulnerability

The KAYSUS KS-WR1200 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR1200 version 107, which originates from exposing SSH and TELNET services on the LAN interface with hard-coded credentials, which could lead to an attacker logging in with...

CVSS 5.4 | AI score 6.7 | EPSS 0.00295
Exploits 1 | References 3
Github Security Blog
added 2025/11/13 6:31 p.m. | 14 views

Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description: A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to...

CVSS 6.8 | AI score 7.5 | EPSS 0.00456
Exploits 0 | References 8 | Affected Software 1
OSV
added 2025/11/13 5:15 p.m. | 5 views

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVSS 6.8 | AI score 7.8 | EPSS 0.00456
Exploits 0 | References 6
NVD
added 2025/10/29 5:15 p.m. | 3 views

CVE-2025-61234

Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...

CVSS 7.5 | EPSS 0.00299
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-16876

Malware in sbrugna...

CVSS 8.3 | AI score 8.3 | EPSS 0.01155
Exploits 1 | References 3
Tenable Nessus
added 2025/09/30 12:0 a.m. | 5 views

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2025-1205)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1205 advisory. A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker...

CVSS 8 | AI score 7.6 | EPSS 0.62269
Exploits 16 | References 6
NVD
added 2025/09/29 9:15 p.m. | 5 views

CVE-2025-34218

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

CVSS 10 | EPSS 0.00936
Exploits 1 | References 4
Snyk
added 2025/09/23 12:0 a.m. | 1 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception. An attacker can cause an unexpected process crash by tricking a user into processing or loading malicious web content. Note: This is only exploitable if the affected system has specific packages installed and is bein...

CVSS 9.8 | AI score 6.7 | EPSS 0.00691
Exploits 0 | References 2