748 matches found
CVE-2025-62844 QuRouter
A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
QNAP Systems QHora 安全漏洞
QNAP Systems QHora is a router product of QNAP Systems, a company based in Taiwan, China. QNAP Systems QHora has a security vulnerability that stems from weak authentication procedures. This vulnerability could allow attackers with access to the local network to obtain sensitive information...
PT-2026-26634
Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.2.007 Description A weak authentication issue exists in QHora. An attacker with local network access can exploit this to obtain sensitive information. Recommendations Update to version 2.6.2.007 or later...
Weak Authentication
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Weak Authentication in the user sign up. An attacker can create authenticated sessions without providing valid credentials b...
PT-2026-25951
CVE-2026-1267 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of pro… https://t.co/BQ9nfoG4xS...
Socomec socomec DIRIS A-40 访问控制错误漏洞
Socomec DIRIS A-40 is an electrical device designed by the French company Socomec for power metering and monitoring. The Socomec DIRIS A-40 has a vulnerability related to access control, which stems from insufficient authentication in the Web API implementation. This vulnerability could allow...
CVE-2026-30969
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...
CVE-2026-30969
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...
CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
coral-server 安全漏洞
Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of forced strong authentication during active sessions, allowing attacker...
PT-2026-24340
Name of the Vulnerable Software and Affected Versions Coral Server versions prior to 1.1.0 Description Coral Server, an open collaboration infrastructure for The Internet of Agents, did not enforce strong authentication between agents and the server during active sessions. This could allow an...
RustDesk 安全漏洞
RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.7.5 and earlier, as well as 1.1.15 and earlier, have security vulnerabilities. These...
CVE-2026-1627
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...
CVE-2026-1627
The CVE-2026-1627 entry relates to the use of outdated and weak MAC algorithms in the SSH service of SICK LMS1000 and SICK MRS1000 devices. The underlying issue is weak cryptographic configurations in SSH that may allow an attacker with network access to observe or manipulate SSH communications, ...
CVE-2026-20126 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...
Acronis Cyber Protect 安全漏洞
Acronis Cyber Protect is an integrated network protection solution for businesses and enterprises developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management,...
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
CVE-2025-57713
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...