
34 matches found

NVD, added 2 days ago, 9 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

CVSS 7.8 | EPSS 0.0001 | Exploits 0 | References 1
Cvelist, added 2026/05/27 4:56 p.m., 32 views

CVE-2026-48152 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL

Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...

CVSS 8.1 | EPSS 0.00047 | Exploits 0 | References 1
NVD, added 2026/05/08 6:16 a.m., 6 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

CVSS 7.5 | EPSS 0.00465 | Exploits 2 | References 2
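The yeti entry above describes the generic failure of an HS256 JWT deployment left on its shipped signing secret: anyone who knows the default can mint tokens the server accepts. The example below is added here to show that concretely and is not yeti's code; it uses a minimal standard-library HS256 implementation, takes the default value "SECRET" from the entry's wording, and assumes the claim names, the minimum-length rule in the startup guard, and the environment handling.

```python
"""Default JWT signing secret == authentication bypass (illustrative, not yeti's code)."""
import base64
import hashlib
import hmac
import json
from typing import Optional

DEFAULT_SECRET = "SECRET"   # shipped default, as named in the advisory text above
MIN_SECRET_LEN = 32         # assumed policy for the startup guard


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, secret: str) -> str:
    """HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the signature verifies under `secret`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # pin the algorithm; never honour alg from the token
        return None
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64))


def secret_is_acceptable(configured: Optional[str]) -> bool:
    """Startup guard (assumed policy): reject empty, default or short secrets."""
    return bool(configured) and configured != DEFAULT_SECRET and len(configured) >= MIN_SECRET_LEN


def load_secret(configured: Optional[str]) -> str:
    if not secret_is_acceptable(configured):
        raise RuntimeError("refusing to start: JWT signing secret is unset, default, or too short")
    return configured


def attacker_forges_admin(server_secret: str) -> Optional[dict]:
    """Attacker mints an admin token with the DEFAULT secret; returns what the server accepts."""
    forged = sign_jwt({"sub": "attacker", "admin": True}, DEFAULT_SECRET)
    return verify_jwt(forged, server_secret)
```

With the server still on the default, `attacker_forges_admin(DEFAULT_SECRET)` yields an accepted admin identity; once the operator sets a long random secret the same forged token fails verification, and `load_secret` makes the unsafe configuration a startup error rather than a silent risk.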
CVE, added 2026/03/31 11:17 a.m., 4 views

CVE-2026-34508

OpenClaw is affected by a pre-authentication rate-limiting bypass in versions before 2026.3.12. The vulnerability causes rate limits to kick in only after webhook authentication, enabling attackers to brute-force webhook secrets without triggering 429 responses. As a result, attackers can repeate...

AI score 5.9 | EPSS 0.00056 | Exploits 0
CVE, added 2026/03/31 11:17 a.m., 8 views

CVE-2026-34505

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling syst...

CVSS 6.9 | AI score 5.9 | EPSS 0.00026 | Exploits 0 | References 2 | Affected software 1
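Both OpenClaw entries above describe the same ordering bug: the rate limiter only counts requests that have already passed secret verification, so a stream of wrong guesses is never throttled. The example below is added to show the vulnerable order beside the hardened one and is not OpenClaw's code; the limiter design (a per-client sliding log), the window, the attempt budget, the client key and the sample secret are all assumptions.

```python
"""Rate limit before, not after, webhook secret verification (illustrative)."""
import hmac
from collections import defaultdict, deque

WINDOW_SECONDS = 60            # assumed window
MAX_ATTEMPTS_PER_WINDOW = 5    # assumed budget per client per window
REAL_SECRET = "constructed-sample-webhook-secret"   # constructed, not a real value


class SlidingLogLimiter:
    """Keeps the timestamps of recent attempts per client key (e.g. source IP)."""

    def __init__(self, limit, window, now):
        self.limit = limit
        self.window = window
        self.now = now                    # injectable clock so the run is deterministic
        self.hits = defaultdict(deque)

    def allow(self, key):
        t = self.now()
        q = self.hits[key]
        while q and t - q[0] >= self.window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(t)
        return True


def secret_matches(presented):
    # Constant-time compare: the attacker must not learn how much of the secret matched.
    return hmac.compare_digest(presented.encode(), REAL_SECRET.encode())


def handle_vulnerable(limiter, client, presented_secret):
    """Authenticate first, count second: failed guesses never consume budget."""
    if not secret_matches(presented_secret):
        return 401
    if not limiter.allow(client):
        return 429
    return 200


def handle_hardened(limiter, client, presented_secret):
    """Count first: every attempt, right or wrong, consumes budget."""
    if not limiter.allow(client):
        return 429
    if not secret_matches(presented_secret):
        return 401
    return 200


def brute_force(handler, attempts, client="203.0.113.7"):
    """Replay `attempts` wrong guesses from one client at 100/s; return status counts."""
    clock = [0.0]
    limiter = SlidingLogLimiter(MAX_ATTEMPTS_PER_WINDOW, WINDOW_SECONDS, lambda: clock[0])
    counts = defaultdict(int)
    for i in range(attempts):
        clock[0] += 0.01
        counts[handler(limiter, client, f"guess-{i}")] += 1
    return dict(counts)
```

Against 100 guesses the vulnerable handler returns 100 plain 401s and the attacker keeps going; the hardened handler lets the first five through and answers 429 to the remaining 95. The key choice matters: throttling by source address is the usual baseline, but a lockout keyed only on the webhook identity lets one attacker deny service to the legitimate sender, so production code normally combines the two.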
UbuntuCve, added 2026/03/18 6:16 p.m., 1 view

CVE-2026-32634

Glances is an open-source cross-platform system monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1 | AI score 5.9 | EPSS 0.00018 | Exploits 1 | References 4
OSV, added 2026/03/18 6:16 p.m., 1 view

UBUNTU-CVE-2026-32634

Glances is an open-source cross-platform system monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00018 | Exploits 1 | References 5
OSV, added 2026/03/18 5:55 p.m., 3 views

CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Glances is an open-source cross-platform system monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1 | AI score 5.9 | EPSS 0.00018 | Exploits 1 | References 5
CVE, added 2026/03/18 5:55 p.m., 6 views

CVE-2026-32634

Glances Central Browser mode vulnerability (CVE-2026-32634): prior to 4.5.2, Zeroconf advertising can mislead the browser into using an untrusted server name to create connection URIs, and to look up saved passwords. If a dynamic server reports itself as protected, the untrusted name is also used...

CVSS 8.1 | AI score 5.8 | EPSS 0.00018 | Exploits 1 | References 3 | Affected software 1
Cvelist, added 2026/03/18 5:55 p.m., 22 views

CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Glances is an open-source cross-platform system monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1 | EPSS 0.00018 | Exploits 1 | References 3
ATTACKERKB, added 2026/03/18 5:55 p.m., 1 view

CVE-2026-32634

Glances is an open-source cross-platform system monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00018 | Exploits 1 | References 4 | Affected software 1
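The CVE-2026-32634 entries above all turn on one trust boundary: mDNS/Zeroconf answers are unauthenticated, so the advertised service name is attacker-controlled, while the address the responder was actually heard from is at least what the browser will really talk to. Using the name to build the URI and to select a saved password hands that password to whoever claims the name. The example below is added here to contrast the two lookups and is not Glances' code or its actual fix; the record layout, the port, the credential store and the address-pinning policy are assumptions.

```python
"""Autodiscovery: advertised name vs. discovered address (illustrative, not Glances' code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Discovered:
    advertised_name: str   # from the mDNS record: any host on the link can set it
    address: str           # the address the responder was actually heard from
    port: int
    protected: bool        # also from the record: "this server wants a password"


# Constructed stores standing in for the browser's saved credentials, plus the
# address each credential was first used against (the assumed pinning policy).
SAVED_PASSWORDS = {"prod-web-01": "constructed-sample-password"}
PINNED_ADDRESS = {"prod-web-01": "10.0.0.5"}


def connect_vulnerable(d: Discovered) -> dict:
    """Name-keyed: whoever advertises a saved name is handed its password."""
    password: Optional[str] = SAVED_PASSWORDS.get(d.advertised_name) if d.protected else None
    return {"uri": f"http://{d.advertised_name}:{d.port}/", "password": password}


def connect_hardened(d: Discovered) -> dict:
    """Address-keyed: connect to where the responder really is, and release a
    saved password only if that address matches the one the password was saved for."""
    password: Optional[str] = None
    if d.protected and PINNED_ADDRESS.get(d.advertised_name) == d.address:
        password = SAVED_PASSWORDS.get(d.advertised_name)
    return {"uri": f"http://{d.address}:{d.port}/", "password": password}


# Constructed discovery results: the real server, and a host on the same link
# re-advertising its name and claiming to be password-protected.
LEGIT = Discovered("prod-web-01", "10.0.0.5", 8080, True)
SPOOF = Discovered("prod-web-01", "192.168.1.66", 8080, True)
```

For `SPOOF`, the name-keyed path returns the saved password and a URI that resolves wherever the spoofer's record points; the address-keyed path returns a credential-free URI to 192.168.1.66. Pinning to an address is only a mitigation on a network where addresses can also be hijacked; the durable fix for an autodiscovered peer is to authenticate the server itself (for example TLS with a pinned certificate) before any stored secret is sent.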
EUVD, added 2026/03/04 9:32 p.m., 2 views

EUVD-2026-9477

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know th...

CVSS 6.8 | AI score 6.1 | EPSS 0.00017 | Exploits 0 | References 2
Positive Technologies, added 2026/03/04 12:00 a.m., 2 views

PT-2026-23037

Name of the vulnerable software and affected versions: Cisco Secure Firewall ASA Software and Cisco Secure FTD Software (affected versions not specified). Description: A flaw exists in the OSPF protocol that may allow a nearby attacker to cause an unexpected reload of a device, leading to a denial of...

CVSS 6.8 | AI score 6.2 | EPSS 0.00017 | Exploits 0 | References 4
EUVD, added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-20540

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.01601 | Exploits 0 | References 3
EUVD, added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-53415

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.0053 | Exploits 1 | References 1
EUVD, added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-38517

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8.2 | EPSS 0.00028 | Exploits 0 | References 1
RedhatCVE, added 2025/05/23 1:12 a.m., 4 views

CVE-2022-32211

A SQL injection vulnerability exists in Rocket.Chat...

CVSS 8.8 | AI score 9.1 | EPSS 0.0053 | Exploits 1 | References 1
RedhatCVE, added 2025/05/22 4:21 p.m., 8 views

CVE-2020-28050

Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server...

CVSS 9.1 | AI score 7 | EPSS 0.01601 | Exploits 0
RedhatCVE, added 2025/05/22 4:21 p.m., 4 views

CVE-2020-27508

In two-factor authentication, the system also sends the 2FA secret key in the response, which enables an intruder to breach the 2FA security...

CVSS 7.5 | AI score 6.9 | EPSS 0.00341 | Exploits 0
Broadcom, added 2025/02/13 12:00 a.m., 6 views

Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave (CVE-2024-10404)

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive...

CVSS 5.5 | AI score 6.2 | EPSS 0.00028 | Exploits 0