58 matches found
CVE-2026-15770
CVE-2026-15770 affects Google Chrome (V8) prior to 150.0.7871.125. The issue is an uninitialized use in V8 that can allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. Impact is confined to information disclosure; no exploit details or in-the-wi...
PYSEC-2026-1451 User accounts disclosed to unauthenticated actors on the LAN
Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...
CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.44, 3.6.15, and 3.7.0-rc.3. These vulnerabilities stem from the errors middleware module, which forwards the entire set of request headers including...
CVE-2026-42436
OpenClaw before 2026.4.14 has an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by ...
CVE-2026-35503
SenseLive X3050 vulnerable via its web management interface: authentication is performed client-side using hardcoded values in browser-executed scripts, enabling an attacker with access to the login page to retrieve exposed parameters and gain unauthorized administrative access. Base scores are C...
CVE-2026-41459
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
PT-2026-34539
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root path value...
CVE-2026-33167
A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...
CVE-2025-66604
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...
CVE-2025-66599
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
CVE-2025-66604
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...
CVE-2025-66594
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
CVE-2025-66594
CVE-2025-66594 affects Yokogawa FAST/TOOLS packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04. The public description notes that detailed messages on the error page could be exploited by an attacker for other attacks, indicating information leakage or error handling weaknesses;...
CVE-2025-66599
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
CVE-2025-66599
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
CVE-2025-66604
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...
CVE-2025-66604
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...
CVE-2026-2110
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote...
CVE-2025-70963
Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...