3 matches found
CVE-2026-16198
The CVE affects Sipeed PicoClaw ≤ 0.2.9, specifically the First Run Setup’s web/backend/middleware/access_control.go where manipulation of the allowed_cidrs argument enables authentication bypass via an alternate channel. The issue can be triggered remotely and has high attack complexity with no ...
CVE-2025-53880 susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...
PT-2023-21231 · Miniflux · Miniflux
Name of the Vulnerable Software and Affected Versions: Miniflux versions prior to 2.0.43 Description: Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS COLLECTOR configuration...