26 matches found
CVE-2026-29199
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host header, which is used to generate the password reset link URL. An attacker who can manipulate the Hos...
EUVD-2025-197981
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of PHP modules...
CVE-2025-41737
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of PHP modules...
CVE-2025-41737
CVE-2025-41737 involves METZ CONNECT devices (EWIO2 family and related controllers) where a webserver misconfiguration allows an unauthenticated remote attacker to read the source of PHP modules. The entry is corroborated by multiple sources (Red Hat, ENISA EUVD, CISA ICS advisory, CVE lists) des...
METZ CONNECT multiple products access control error vulnerability
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data logger. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data logger. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and actuat...
EUVD-2020-20855
Malware in sbrugna...
EUVD-2022-26461
Malicious code in bioql PyPI...
CVE-2022-21236
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
"Internal Server Error 43549" response from Gateway with malformed request "/epatype?Param"
Security scanning report vulnerability on ADC: Web Server Misconfiguration - Server Error Message when http request url includes "/epatype?"...
OPTO 22 SNAP PAC S1 resource management error vulnerability
The OPTO 22 SNAP PAC S1 is a controller from OPTO 22 USA. A security vulnerability exists in the OPTO 22 SNAP PAC S1 R10.3b firmware version: if the controller has the built-in web server enabled, but the built-in web server is not fully set up and configured, an attacker exploiti...
PT-2022-12474 · Pascom +2 · Pascom Cloud Phone System +2
Name of the Vulnerable Software and Affected Versions: Pascom Cloud Phone System versions prior to 7.20.x Description: A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. Recommendations: For versions prior...
CVE-2022-21236
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
Information disclosure
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-21236
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-21236
The CVE-2022-21236 issue affects Reolink RLC-410W (v3.0.0.136_20121102). A web server misconfiguration (nginx) exposes the TLS private key from the document root, enabling potential impersonation of the camera and, in some contexts, decryption of HTTPS traffic to steal an admin session token. Thi...
Hitachi Energy LinkOne authorization issue vulnerability
Hitachi Energy LinkOne is an enterprise graphical parts catalog and content delivery solution from Hitachi Energy, Switzerland. It is used to publish, view and find spare parts for complex equipment and assemblies. A security vulnerability exists in Hitachi Energy LinkOne, which stems from a web...
Reolink RLC-410W web server misconfiguration information disclosure vulnerability
Summary: An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Reolink Rlc-410W information disclosure vulnerability
Reolink Rlc-410W is a Wi-Fi security camera from Reolink, China. Reolink RLC-410W in v3.0.0.136_20121102 is vulnerable to information disclosure, which stems from web server configuration errors. An attacker could use this vulnerability to obtain sensitive information...
CVE-2020-28396
A vulnerability has been identified in SICAM A8000 CP-8000 All versions V16, SICAM A8000 CP-8021 All versions V16, SICAM A8000 CP-8022 All versions V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position...
PT-2020-5606 · Siemens · Sicam A8000 Cp-8000 +2
Name of the Vulnerable Software and Affected Versions: SICAM A8000 CP-8000 versions prior to V16 SICAM A8000 CP-8021 versions prior to V16 SICAM A8000 CP-8022 versions prior to V16 Description: A web server misconfiguration in the affected devices can cause insecure ciphers usage by a user's...