6 matches found
PT-2026-20870
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-22240 Plaintext Passwords Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...
Commvault CommandCenter < 11.36.60 Unauthorized API Access
Commvault CommandCenter versions prior to 11.36.60 contain a vulnerability in a known login mechanism that allows unauthenticated attackers to execute API calls without requiring user credentials. No source data...
TP-LINK Tapo C210 Security Vulnerability
TP-LINK Tapo C210 is a webcam device from China P&L TP-LINK. A security vulnerability exists in TP-Link Tapo C210 version V.1.8, which originates from an unauthenticated API response exposing a password hash, which could lead to a brute force cracking attack...
Zyxel CloudCNM SecuManager Security Vulnerability
Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1, which stems from an...
openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...