
175 matches found

Positive Technologies
added 2 days ago, 9 views

PT-2026-46153

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

CVSS 8.8, AI score 5.7, EPSS 0.0006
Exploits: 0, References: 2
OSV
added 3 days ago, 6 views

GHSA-6VR3-7WCX-V5G5 browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler

Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...

CVSS 8.8, AI score 6.5, EPSS 0.00151
Exploits: 0, References: 4
Positive Technologies
added 5 days ago, 8 views

PT-2026-45529

Name of the Vulnerable Software and Affected Versions Nextcloud versions 32.0.0 through 32.0.8 Nextcloud versions 33.0.0 through 33.0.2 Description When a user shares a folder or file with a Nextcloud Team containing an external member a person added via email without a Nextcloud account, the...

CVSS 6.4, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 5
NVD
added 2026/05/25 3:16 p.m., 6 views

CVE-2018-25370

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVSS 6.9, EPSS 0.00017
Exploits: 0, References: 4
Hacker One
added 2026/05/14 2:27 a.m., 14 views

Rocket.Chat: Autotranslate DDP Method Exposes Private Messages Without Authentication or Room Access Check

Vulnerability description not provided...

CVSS 7.5, AI score 5.8, EPSS 0.00042
Exploits: 0
Github Security Blog
added 2026/05/06 10:12 p.m., 3 views

Private Lemmy instances expose multi-community metadata without authentication

Summary readmulticommunity does not enforce the private-instance setting. On a private instance, an unauthenticated visitor can read multi-community names, titles, summaries, sidebars, owner identities, and member community lists. Details Other read handlers load localsite and call...

AI score 5.7
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/04/23 7:11 p.m., 3 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

CVSS 7.7, AI score 5.8, EPSS 0.00107
Exploits: 1, References: 2, Affected Software: 1
GithubExploit
added 2026/04/23 8:57 a.m., 274 views

Exploit for CVE-2026-41651

CVE-2026-41651 — PackageKit Local Privilege Escalation pa...

CVSS 8.8, AI score 6, EPSS 0.00153
Exploits: 10
CVE
added 2026/04/22 11:7 p.m., 8 views

CVE-2026-3621

Technical details for CVE-2026-3621 are not publicly available in the provided documents. Monitor for updates as the entry is reserved.

CVSS 7.5, AI score 5.7, EPSS 0.00045
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/04/17 12:0 a.m., 3 views

Anviz CX7 security vulnerability

The Anviz CX7 is an intelligent terminal device from the American company Anviz, featuring integrated biometrics and access control functions. The Anviz CX7 has a security vulnerability; this vulnerability stems from the ability to retrieve recently captured test photos without authentication,...

CVSS 5.3, AI score 5.8, EPSS 0.00076
Exploits: 0, References: 1
Positive Technologies
added 2026/04/17 12:0 a.m., 1 views

PT-2026-33492

CVE-2026-35061 Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. https://t.co/DJ9ESa1MPU...

CVSS 5.3, AI score 5.7, EPSS 0.00076
Exploits: 0, References: 5
RedhatCVE
added 2026/04/07 5:3 p.m., 2 views

CVE-2026-34977

Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form o...

CVSS 9.8, AI score 5.9, EPSS 0.0032
Exploits: 1, References: 1
CVE
added 2026/04/04 1:50 p.m., 3 views

CVE-2016-20051

CVE-2016-20051 concerns Snews CMS 1.7, where a cross-site request forgery allows an attacker to change administrator credentials without authentication by inducing an authenticated admin to submit a hidden form that targets the changeup action. The vulnerability stems from how the changeup POST r...

CVSS 6.9, AI score 5.9, EPSS 0.00008
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/04/03 12:0 a.m., 2 views

PT-2026-30212

A specific administrative endpoint notifications is accessible without proper authentication...

CVSS 6.9, AI score 5.9, EPSS 0.0008
Exploits: 1, References: 4
RedhatCVE
added 2026/03/28 10:51 a.m., 1 views

CVE-2026-32678

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

CVSS 8.7, AI score 7.1, EPSS 0.00107
Exploits: 0, References: 1
CVE
added 2026/03/27 8:58 p.m., 6 views

CVE-2026-33907

Ella Core (private 5G core) vulnerability CVE-2026-33907: versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS messages missing IEs, allowing an attacker to crash the process by sending crafted NAS messages without authentication. This leads to serv...

CVSS 6.5, AI score 5.9, EPSS 0.00068
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/03/27 6:31 a.m., 2 views

EUVD-2026-16547

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

CVSS 8.7, AI score 7.1, EPSS 0.00107
Exploits: 0, References: 3
NVD
added 2026/03/27 6:16 a.m., 0 views

CVE-2026-33366

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication...

CVSS 6.9, EPSS 0.00155
Exploits: 0, References: 2
NVD
added 2026/03/27 6:16 a.m., 2 views

CVE-2026-32678

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

CVSS 8.7, EPSS 0.00107
Exploits: 0, References: 2
CVE
added 2026/03/27 5:25 a.m., 7 views

CVE-2026-33366

CVE-2026-33366 concerns BUFFALO Wi-Fi router products with a vulnerability in a critical function that is missing authentication, potentially allowing an attacker to forcibly reboot the device over the network without valid credentials. The issue is described with two CVSS vectors: CVSS3.0 base s...

CVSS 6.9, AI score 5.8, EPSS 0.00155
Exploits: 0, References: 2, Affected Software: 1