57255 matches found

NVD
added 2026/03/06 12:16 a.m. | 5 views

CVE-2026-27778

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | EPSS 0.00601
Exploits: 1 | References: 3

CNNVD
added 2026/03/06 12:00 a.m. | 4 views

agentgateway Input Validation Error Vulnerability

Agentgateway is an open-source software developed by Agent Gateway, designed to provide secure and observable communication connections for AI agents. Versions of Agentgateway prior to 0.12.0 contained a vulnerability related to input validation errors. This vulnerability occurred when converting...

CVSS 6.5 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 2

CNNVD
added 2026/03/06 12:00 a.m. | 6 views

SiYuan Security Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...

CVSS 8.8 | AI score 7.4 | EPSS 0.00323
Exploits: 1 | References: 2

CVE
added 2026/03/06 12:00 a.m. | 16 views

CVE-2025-70363

Summary (CVE-2025-70363): The REST API in Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x is affected by an improper access control flaw that allows unauthenticated attackers to access sensitive data by enumerating object IDs. The issue is described across multiple sources, with the root ca...

CVSS 7.5 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/06 12:00 a.m. | 6 views

PT-2026-23752

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.5; Parse Server versions prior to 9.5.0-alpha.3. Description: The readOnlyMasterKey can be misused to create and delete files through the Files API. Specifically, the API endpoints /files/:filename POST and DELE...

CVSS 6.9 | AI score 5.9 | EPSS 0.00329
Exploits: 0 | References: 13

Vulnrichment
added 2026/03/06 12:00 a.m. | 4 views

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/06 12:00 a.m. | 5 views

PT-2026-23637

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.1. Description: Chartbrew is a web application designed for connecting to databases and APIs to create charts. A remote code execution issue exists in versions before 4.8.1 due to a vulnerable API. The issue has...

CVSS 8.8 | AI score 6.3 | EPSS 0.0066
Exploits: 1 | References: 12

Positive Technologies
added 2026/03/06 12:00 a.m. | 5 views

PT-2026-23712

Name of the Vulnerable Software and Affected Versions: WebSocket Application Programming Interface, affected versions not specified. Description: The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacke...

CVSS 8.7 | AI score 5.8 | EPSS 0.00437
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/06 12:00 a.m. | 5 views

PT-2026-23713

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | AI score 5.8 | EPSS 0.00357
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/06 12:00 a.m. | 6 views

RHEL 10 : udisks2 (RHSA-2026:3476)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3476 advisory. The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixe...

CVSS 7.1 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 6

Tenable Nessus
added 2026/03/06 12:00 a.m. | 5 views

RockyLinux 10 : udisks2 (RLSA-2026:3476)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3476 advisory. udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API (CVE-2026-26104); udisks: Missing Authorization...

CVSS 7.1 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/06 12:00 a.m. | 3 views

NewStart CGSL MAIN 6.06 (SP) : libvirt Vulnerability (NS-SA-2026-0022)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has libvirt packages installed that are affected by a vulnerability: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemudriver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the...

CVSS 6.5 | AI score 5.8 | EPSS 0.02294
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/06 12:00 a.m. | 7 views

RockyLinux 10 : libpng (RLSA-2026:3551)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3551 advisory. libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801); libpng: Denial of...

CVSS 8.3 | AI score 6.1 | EPSS 0.00939
Exploits: 2 | References: 7

ATTACKERKB
added 2026/03/05 11:36 p.m. | 2 views

CVE-2026-27778

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | AI score 6 | EPSS 0.00601
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/05 11:36 p.m. | 1 view

CVE-2026-27778 ePower epower.ie Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | AI score 5.8 | EPSS 0.00601
Exploits: 1 | References: 3

CVE
added 2026/03/05 11:36 p.m. | 20 views

CVE-2026-27778

The CVE-2026-27778 entry concerns the WebSocket API. The root cause is no rate limiting on authentication attempts, allowing potential denial-of-service by disrupting legitimate charger telemetry and enabling brute-force access attempts. The available documents consistently describe the issue but...

CVSS 8.7 | AI score 6 | EPSS 0.00601
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/05 11:36 p.m. | 32 views

CVE-2026-27778 ePower epower.ie Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 | EPSS 0.00601
Exploits: 1 | References: 3

Cvelist
added 2026/03/05 11:21 p.m. | 30 views

CVE-2026-2589 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | EPSS 0.00239
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/05 9:59 p.m. | 3 views

CVE-2026-28462

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...

CVSS 8.7 | AI score 6 | EPSS 0.00425
Exploits: 0 | References: 4

Cvelist
added 2026/03/05 9:59 p.m. | 32 views

CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...

CVSS 8.7 | EPSS 0.00425
Exploits: 0 | References: 3