79 matches found
AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`
CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 `$ignoreAdmin = true;` objects/mention.json.php:18 `$users = User::getAllUsers($ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a');` No User::loginCheck, no adm...
CVE-2025-68420 Privilege Escalation in Comarch ERP Optima
Comarch ERP Optima client connects to a database using a high-privileged account regardless of the application account to which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract credentials and use them to gain privileged access to t...
GHSA-62P3-HVXX-FXG4 Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
Summary Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...
PT-2026-37106
Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...
Kimai: Username enumeration via timing on X-AUTH-USER
Details src/API/Authentication/TokenAuthenticator.php calls loadUserByIdentifier first and only invokes the password hasher argon2id when a user is returned. When the username does not exist, the request returns roughly 25 ms faster than when it does. The response body is the same in both cases...
EUVD-2026-23442
An attacker with network access to the PLC is able to brute-force passwords to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute-force password enumeration possible...
CVE-2026-33727
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability that allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
PT-2026-26326
🚨 CVE-2026-30694: Remote code execution in DedeCMS up to 5.7.118, no login required. Lock down your site and watch for a patch. Full advisory ➡️ https://t.co/nUIEoY7rL5 DedeCMS infosec AppSec...
CVE-2026-27521
The CVE-2026-27521 affects Binardat 10G08-0800GSM network switch firmware up to version V300SP10260209. The root cause is missing login rate limiting and account lockout on failed login attempts, enabling brute-force attacks against user credentials. As per the connected CVE records, the vulnerab...
PolarLearn Access Control Error Vulnerability
PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-16 contain access control vulnerability issues. This vulnerability stems from the use of WebSocket in group chats without the need for login, which may allow unverified clients to subscrib...
MiracleLinux 7 : setup-2.8.71-10.el7 (AXSA:2019-3677:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3677:01 advisory. setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Tenable has extracted the preceding description block directly from the...
VulnCheck KEV: CVE-2025-10204
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...
CVE-2025-52692
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials...
Linksys E9450-SG Security Vulnerability
The Linksys E9450-SG is a WiFi router from Linksys USA. A security vulnerability exists in the Linksys E9450-SG that originates from a local network attacker being able to send a specially crafted URL to access certain administrative functions without requiring login credentials...
PT-2025-52402
Name of the Vulnerable Software and Affected Versions versions prior to 2025-52692 Description Exploitation of this issue could allow an attacker with local network access to access certain administration functions without login credentials by sending a specially crafted URL. Recommendations At t...
Photo booth flaw exposes people’s private pictures online
Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A security researcher spent weeks trying to warn a photo booth operator about a vulnerability in its system. The flaw reportedl...
CVE-2025-55895
TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...