19 matches found

CNNVD
added 2026/04/14 12:0 a.m. · 3 views

Unisys WebPerfect Image Suite security vulnerability

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 both contain security vulnerabilities. These vulnerabilities stem from unvalidated WCF SOAP endpoints located...

CVSS 10 · AI score 5.8 · EPSS 0.01042
Exploits 1 · References 3

CNNVD
added 2026/04/09 12:0 a.m. · 4 views

web3.py code issue vulnerability

web3.py is an open-source Python library developed by ethereum for interacting with the Ethereum blockchain. There were code-related vulnerabilities in versions of web3.py from 6.0.0b3 to 7.15.0, as well as in version 8.0.0b2. These vulnerabilities stemmed from a lack of target validation when...

CVSS 6.3 · AI score 5.8 · EPSS 0.0006
Exploits 2 · References 2

NVD
added 2026/04/07 3:17 p.m. · 0 views

CVE-2026-35461

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...

CVSS 5 · EPSS 0.00034
Exploits 1 · References 1

EUVD
added 2026/04/07 2:28 p.m. · 1 views

EUVD-2026-19655

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...

CVSS 5 · AI score 6.1 · EPSS 0.00034
Exploits 1 · References 1

Positive Technologies
added 2026/04/07 12:0 a.m. · 1 views

PT-2026-30854

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...

CVSS 5 · AI score 6.1 · EPSS 0.00034
Exploits 1 · References 2

CNNVD
added 2026/03/25 12:0 a.m. · 2 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from unvalidated USB endpoints. This vulnerability could allow malicious devices to cause driver...

CVSS 5.5 · AI score 5.8 · EPSS 0.0004
Exploits 0 · References 6

Cvelist
added 2026/03/20 6:19 p.m. · 17 views

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVSS 8.7 · EPSS 0.00012
Exploits 0 · References 2

Vulnrichment
added 2026/03/20 6:19 p.m. · 1 views

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

CVSS 8.7 · AI score 5.8 · EPSS 0.00012
Exploits 0 · References 2

CVE
added 2026/03/20 6:19 p.m. · 3 views

CVE-2026-32309

Cryptomator (hub-based unlock flow) is affected prior to version 1.19.1. The vault metadata may drive OAuth and key-loading traffic over plaintext HTTP or insecure endpoint schemes instead of HTTPS, enabling a network attacker to observe or tamper with traffic. Bearer tokens and endpoint-level tr...

CVSS 8.7 · AI score 5.8 · EPSS 0.00012
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2026/03/16 12:0 a.m. · 2 views

WordPress plugin Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3 · AI score 5.8 · EPSS 0.00015
Exploits 0 · References 2

ATTACKERKB
added 2026/03/12 5:0 p.m. · 2 views

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

CVSS 7.7 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2026/03/12 12:0 a.m. · 4 views

Inductive Automation Ignition code issue vulnerability

Inductive Automation Ignition is an integrated software platform developed by Inductive Automation in the United States, designed for SCADA systems. This platform supports SCADA (Supervisory Control and Data Acquisition) and HMI (Human Machine Interface) applications. Inductive Automation Ignition ha...

CVSS 6.3 · AI score 5.9 · EPSS 0.00012
Exploits 0 · References 3

CNNVD
added 2026/03/05 12:0 a.m. · 2 views

OpenClaw access control error vulnerability

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.12 had an access control vulnerability. This vulnerability stemmed from the Nostr plugin exposing unvalidated HTTP endpoints, which could allow remote attackers to read sensitive configuration file da...

CVSS 8.3 · AI score 5.8 · EPSS 0.00124
Exploits 0 · References 3

CNNVD
added 2026/02/17 12:0 a.m. · 5 views

Honeywell multiple products access control error vulnerability

Honeywell I-HIB2PI-UL 2MP, etc., are products of the American company Honeywell. The Honeywell I-HIB2PI-UL 2MP is an infrared dome camera. The Honeywell SMB NDAA MVO-3 is an infrared gimbal camera. The Honeywell PTZ WDR 2MP 32M is a series of night vision cameras. Several Honeywell products have...

CVSS 9.8 · AI score 7.5 · EPSS 0.00028
Exploits 0 · References 3

CNNVD
added 2026/02/06 12:0 a.m. · 3 views

homarr code issue vulnerability

Homarr is a customizable browser homepage developed by Thomas Camlong, used to interact with the Docker container of the main server. Versions of Homarr prior to 1.52.0 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated tRPC endpoints that accepted arbitrary URLs and...

CVSS 5.3 · AI score 6 · EPSS 0.00019
Exploits 0 · References 2

CNNVD
added 2026/01/23 12:0 a.m. · 3 views

Aptsys Gemscms POS Platform security vulnerabilities

Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from unvalidated endpoints returning payment card credentials encrypted using MD5. It may lead to...

CVSS 7.5 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 3

Positive Technologies
added 2024/07/17 12:0 a.m. · 2 views

PT-2024-24331 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0. Description: A Server-Side Request Forgery (SSRF) issue exists in Apache StreamPipes during the installation process of pipeline elements. The software allowed users to configure custom endpoints for...

CVSS 7.5 · AI score 7.3 · EPSS 0.0095
Exploits 0 · References 11

OSV
added 2017/12/12 2:29 p.m. · 2 views

CVE-2017-16680

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: (1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 3

Positive Technologies
added 2017/12/12 12:0 a.m. · 2 views

PT-2017-14519 · Sap · Sap Hana Extended Application Services

Name of the Vulnerable Software and Affected Versions: SAP HANA extended application services version 1.0. Description: The issue involves two potential audit log injections in SAP HANA extended application services. Firstly, certain HTTP/REST endpoints of the controller service lack user input...

CVSS 7.5 · AI score 7.6 · EPSS 0.00426
Exploits 0 · References 5