
19 matches found

NVD
added 5 days ago, 13 views

CVE-2026-56080

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9 CVSS, 0.00299 EPSS
Exploits: 0, References: 2
CVE
added 5 days ago, 11 views

CVE-2026-56080

Capgo before 12.128.2 has an Enforce Password Policy flaw: after a Super Admin enables the policy and sets a compliant password, the backend does not update the password‑compliance state, so the account remains non‑compliant and the system repeatedly prompts for password resets, effectively locki...

6.9 CVSS, 5.9 AI score, 0.00299 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/08 3:41 p.m., 23 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1 CVSS, 5.5 AI score, 0.00194 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/06/08 12:00 a.m., 9 views

Snipe-IT Security Vulnerability

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...

7.1 CVSS, 5.4 AI score, 0.00194 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/29 12:00 a.m., 10 views

PT-2026-37146

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: An issue exists where the Role::stopMembership function fails to verify if removing a user from the administrator role leaves the system with zero administrators. While the deprecated...

5.2 CVSS, 5.8 AI score, 0.00285 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/03/27 12:00 a.m., 4 views

MyTube Security Vulnerability

MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.72 contained security vulnerabilities. These vulnerabilities allowed unverified attackers to lock out admin and guest accounts due to login failures, potentially leading to denial-of-servic...

8.7 CVSS, 5.8 AI score, 0.00543 EPSS
Exploits: 1, References: 5
Zero Science Lab
added 2026/03/02 12:00 a.m., 213 views

Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout

Summary: The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...

10 CVSS, 5.7 AI score, 0.05585 EPSS
Exploits: 1
RedhatCVE
added 2025/10/24 8:28 p.m., 4 views

CVE-2025-55067

The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...

7.1 CVSS, 6.9 AI score, 0.00428 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/23 7:39 p.m., 5 views

CVE-2025-55067 Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...

7.1 CVSS, 0.00428 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/10/22 12:11 a.m., 11 views

CVE-2025-60772

Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests...

9.8 CVSS, 7.4 AI score, 0.00561 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/21 12:00 a.m., 4 views

EUVD-2025-35201

Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests...

6.9 AI score, 0.00561 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/10/21 12:00 a.m., 10 views

CVE-2025-60772

Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests...

0.00561 EPSS
Exploits: 0, References: 2
CVE
added 2025/10/21 12:00 a.m., 19 views

CVE-2025-60772

CVE-2025-60772 targets NETLINK HG322G with V1.0.00-231017 firmware. The issue is improper authentication in the device’s web-based management interface, enabling a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests. CVSS 3.1 ...

9.8 CVSS, 7 AI score, 0.00561 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/10/21 12:00 a.m., 4 views

NETLINK HG322G Security Vulnerability

The NETLINK HG322G is a fiber optic network terminal from NETLINK. A security vulnerability exists in the NETLINK HG322G version V1.0.00, which stems from improper authentication of the web-based management interface, which could allow a remote, unauthenticated attacker to elevate privileges and...

9.8 CVSS, 6.9 AI score, 0.00561 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/10/21 12:00 a.m., 2 views

CVE-2025-60772

Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests...

7 AI score, 0.00561 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/09/26 12:00 a.m., 3 views

PT-2025-39663

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.12.2; Rancher versions prior to 2.11.6; Rancher versions prior to 2.10.10; Rancher versions prior to 2.9.12. Description: A missing server-side validation on the .username field in Rancher allows users with update...

9.9 CVSS, 6.5 AI score, 0.02829 EPSS
Exploits: 11, References: 50
OSV
added 2025/05/01 4:16 a.m., 4 views

CVE-2025-2168

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect non...

4.3 CVSS, 7.2 AI score, 0.00167 EPSS
Exploits: 0, References: 4
OSV
added 2024/08/07 4:15 p.m., 2 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

5.3 CVSS, 5.8 AI score, 0.00376 EPSS
Exploits: 1, References: 1
OSV
added 2021/05/17 6:15 p.m., 2 views

CVE-2021-32454

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access...

8.8 CVSS, 5.8 AI score, 0.00395 EPSS
Exploits: 0, References: 1