
31 matches found

Cvelist
added 2026/03/11 6:37 p.m., 26 views

CVE-2026-31881 Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

CVSS 7.7 | EPSS 0.00603 | Exploits 1 | References 1

Vulnrichment
added 2026/03/11 6:37 p.m., 0 views

CVE-2026-31881 Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

CVSS 7.7 | AI score 5.9 | EPSS 0.00603 | Exploits 1 | References 1

CNNVD
added 2026/02/10 12:0 a.m., 3 views

AXIS OS security vulnerability

AXIS OS is an edge device operating system developed by AXIS, a company from Sweden. There is a security vulnerability in AXIS OS, which stems from insufficient input validation. This vulnerability may allow for the execution of remote code after authentication is performed using a service accoun...

CVSS 8.8 | AI score 6.2 | EPSS 0.00121 | Exploits 0 | References 2

NVD
added 2025/11/11 8:15 a.m., 2 views

CVE-2025-9524

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer-, operator-, or administrator-privileged service account...

CVSS 4.3 | EPSS 0.00083 | Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-8062

Malware in sbrugna...

CVSS 9.9 | AI score 7.6 | EPSS 0.0022 | Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-46550

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.04439 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:20 a.m., 1 view

CVE-2023-21407

A broken access control was found allowing for privilege escalation of the operator account to gain administrator privileges...

CVSS 8.8 | AI score 7.2 | EPSS 0.00313 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:49 a.m., 4 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

CVSS 7.1 | AI score 6.8 | EPSS 0.00115 | Exploits 0 | References 1

RedhatCVE
added 2025/02/05 4:29 p.m., 7 views

CVE-2020-16096

In Gallagher Command Centre versions 8.10 prior to 8.10.1134MR4, 8.00 prior to 8.00.1161MR5, 7.90 prior to 7.90.991MR5, 7.80 prior to 7.80.960MR2, 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be or is attached to a multi-server...

CVSS 9.9 | AI score 6.7 | EPSS 0.0022 | Exploits 0

CNNVD
added 2024/05/01 12:0 a.m., 1 view

Red Hat OpenShift security vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift, which stems from the presence of an information disclosure that could allow an...

CVSS 6.8 | AI score 6.3 | EPSS 0.00041 | Exploits 0 | References 3

RedHat Linux
added 2024/03/19 5:41 p.m., 4 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVSS 6.5 | AI score 5.8 | EPSS 0.001 | Exploits 0 | References 4

RedHat Linux
added 2024/03/05 4:30 p.m., 3 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVSS 6.5 | AI score 5.8 | EPSS 0.001 | Exploits 0 | References 4

Cvelist
added 2023/11/21 6:49 a.m., 12 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

CVSS 7.1 | AI score 7.1 | EPSS 0.00115 | Exploits 0 | References 1

RedHat Linux
added 2023/11/14 3:39 p.m., 4 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVSS 6.5 | AI score 5.8 | EPSS 0.001 | Exploits 0 | References 4

NVD
added 2023/08/03 7:15 a.m., 5 views

CVE-2023-21407

A broken access control was found allowing for privilege escalation of the operator account to gain administrator privileges...

CVSS 8.8 | AI score 8.9 | EPSS 0.00313 | Exploits 0 | References 1

Huntr
added 2023/01/03 6:46 a.m., 21 views

Unrestricted Logging Filename Lead to RCE

Description: This vulnerability occurs because there is no filename restriction for saving the logging file. In this case an attacker can set the filename to an existing PHP file and append PHP code to it by manipulating the logged input. Proof of Concept: 1. Log in using operator account, in this case I try ...

CVSS 5.8 | AI score 6.9 | EPSS 0.00416 | Exploits 2 | References 1

Vulnrichment
added 2022/12/05 12:0 a.m., 7 views

CVE-2022-43553

A remote code execution vulnerability in EdgeRouters Version 2.0.9-hotfix.4 and earlier allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later...

AI score 7.8 | EPSS 0.04439 | Exploits 0 | References 1

CNNVD
added 2022/12/05 12:0 a.m., 2 views

Ubiquiti EdgeRouters security vulnerability

Ubiquiti EdgeRouters is a series of edge routers from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouters version 2.0.9-hotfix.4 and prior versions, which originated from a vulnerability that allows a malicious actor with an operator account to run arbitrary administrator comman...

CVSS 8.8 | AI score 8.1 | EPSS 0.04439 | Exploits 0 | References 2

Veracode
added 2022/10/11 1:16 p.m., 22 views

Information Disclosure

fwupd is vulnerable to information disclosure. The vulnerability exists when creating an OPERATOR user account on the BMC, allowing an attacker to read the configuration files on the system...

CVSS 6.5 | AI score 5.8 | EPSS 0.001 | Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/09/28 8:15 p.m., 0 views

UBUNTU-CVE-2022-3287

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVSS 6.5 | AI score 6.5 | EPSS 0.001 | Exploits 0 | References 3