Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...

FLIR Systems AX8 Cameras Missing Authentication for Critical Function (CVE-2018-25139)

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage. This plugin only wor...

CVE-2023-49115

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

CVE-2018-25139 FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

GHSA-XF7M-V66Q-76W8 Liferay Portal and DXP do not check permissions of images in a blog entry

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers ...

EUVD-2023-53123

Malicious code in bioql PyPI...

EUVD-2025-29658

Malicious code in bioql PyPI...

IBM InfoSphere Information Server 路径遍历漏洞

IBM InfoSphere Information Server is a data integration platform from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A path traversal vulnerability exists in IBM InfoSphere Information Server version 11.7, which stems fro...

CVE-2023-31634

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and...

CVE-2023-31634

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and...

CVE-2023-31634

CVE-2023-31634 affects TeslaMate before 1.27.2, where an attacker can access port 4000 for remote viewing/operation and then switch to port 3000 to reach Grafana, using default Grafana credentials to enter the management console without authentication. This mirrors a related issue (CVE-2022-23126...

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

CVE-2023-49115

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

Design/Logic Flaw

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

CVE-2023-49115 MachineSense FeverWarn Missing Authentication for Critical Function

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

CVE-2023-6341

Catalis previously Icon Software CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation...

CVE-2022-31769

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219...

CVE-2019-25012

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy...

DLINK DCS-5020L - Remote Code Execution (PoC)

DLINK DCS-5020L - Remote Code Execution PoC “The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to...