25 matches found
CVE-2026-49002
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
EUVD-2026-15447
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...
PT-2025-47389
Name of the Vulnerable Software and Affected Versions: AOS-CX OS (affected versions not specified). Description: A flaw exists in the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker may be able to hijack an active user session. Successful...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
EUVD-2025-35119
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
EUVD-2022-1877
Malicious code in bioql PyPI...
EUVD-2025-27005
Malicious code in bioql PyPI...
CVE-2022-43110
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...
GHSA-RFH6-9R2Q-98VF Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
Jenkins Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins versions 2.499 and earlier and 2.492.1 and earlier, which stems from an...
PT-2025-6204 · Siemens · Scalance Wam766-1 +4
Name of the Vulnerable Software and Affected Versions: SCALANCE WAB762-1 versions prior to V3.0.0; SCALANCE WAM763-1 versions prior to V3.0.0; SCALANCE WAM763-1 ME versions prior to V3.0.0; SCALANCE WAM763-1 US versions prior to V3.0.0; SCALANCE WAM766-1 versions prior to V3.0.0; SCALANCE WAM766-1 ME...
Siemens SCALANCE Series Access Control Error Vulnerability
Siemens SCALANCE Series is a family of industrial communication devices from Siemens, Germany. An access control error vulnerability exists in the Siemens SCALANCE Series that arises from an affected device with the user role being affected by incorrect authorization in the SNMPv3 view...
CVE-2024-20458
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...
NetApp ONTAP Select Deploy administration utility Trust Management Issue Vulnerability
NetApp ONTAP Select Deploy administration utility is an administration utility for deploying and managing ONTAP Select clusters from Network Appliance NetApp, Inc. A security vulnerability exists in NetApp ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x, 9.14.1.x, which...
VulnCheck KEV: CVE-2018-0127
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential...
CVE-2021-28052
A Hitachi Content Platform (HCP) tenant administrator may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. Thi...
Hitachi Vantara Hitachi Content Platform Security Vulnerability
Hitachi Vantara Hitachi Content Platform is an object storage system from Hitachi Vantara, Inc. that provides massively scalable, reliable, efficient and easy-to-use storage for automated management and preservation of content. An access control error vulnerability exists in Hitachi Vantara Hitac...
Jenkins List Git Branches Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects. The Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier is vulnerable to a cross-site...