175 matches found
CVE-2026-54105
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
EUVD-2026-37912
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
Exploit for CVE-2026-54596
CVE-2026-54596 - Authenticated SQL Injection via recurringinv...
CVE-2026-42951
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
GHSA-FW38-PC54-JVX9 Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary: The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary: The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
PT-2026-47094
Summary: The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
CVE-2026-42951 MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
EUVD-2026-33396
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
CVE-2026-42951
CVE-2026-42951 concerns the Danelec MacGregor Voyage Data Recorder (VDR) device. The description across sources states an authenticated user can download a backup of the VDR that includes account data and password hashes. The connected records corroborate credentials exposure as the primary issue...
PT-2026-44928
Name of the Vulnerable Software and Affected Versions: Danelec MacGregor Voyage Data Recorder (affected versions not specified). Description: An authenticated user can download a backup of the device, which contains account data and password hashes. Recommendations: At the moment, there is no informati...
CVE-2026-40850
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
EUVD-2026-32149
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40850
CVE-2026-40850 describes an unauthenticated SQL injection in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command, leading to total loss of confidentiality. The vulnerability is shown with CVSS 3.1 base score 7.5 (NETWORK, LOW complexity, NONE pri...
MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 SQL Injection Vulnerability
MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...
PT-2026-43616
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)
Source: amazon-inspector (2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f). package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...
CVE-2026-28766
CVE-2026-28766 refers to Gardyn Cloud API missing authentication for a critical function. The initial description and related documents confirm that a specific endpoint exposes all user account information for registered Gardyn users without requiring authentication, enabling potential confidenti...