13 matches found
CVE-2026-50226
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...
CVE-2026-50226
CVE-2026-50226 affects the AcerConnect OTA application. The issue arises from fixed AES-128-CBC keys inside the app, allowing attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-sig...
The vulnerability in the ABC Notation plugin for the WordPress content management system arises from improper limitation of a pathname to a restricted directory. This allows attackers to gain unauthorized access to protected information.
The vulnerability in the ABC Notation plugin for the WordPress content management system is related to errors in processing a relative path to a directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
The vulnerability in the QAnything AI-based question-answering system arises from improper limitation of a pathname to a restricted directory. This allows attackers to read arbitrary files or execute arbitrary code.
The vulnerability in the QAnything AI-based question-answering system is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a remote attacker to read arbitrary files or execute arbitrary code...
Description of the security update for Project 2016: December 10, 2024 (KB5002652)
Description of the security update for Project 2016: December 10, 2024 KB5002652 Summary This security update for Microsoft Office provides defense-in-depth update to help improve security-related features. To learn more about the update, see Microsoft advisory ADV240002. Note: To apply this...
The vulnerability in the Pandora FMS system for monitoring and managing IT environments arises from improper limitation of a pathname to a restricted directory. This allows attackers to write arbitrary files to the system and execute arbitrary code.
The vulnerability in the Pandora FMS system for monitoring and managing IT environments stems from improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the system and execute arbitrary...
The vulnerability of the Photos storage system in operating systems such as tvOS, iOS, iPadOS, and watchOS allows attackers to gain access to photographs stored in the temporary catalog.
The vulnerability of Photos storage in operating systems such as tvOS, iOS, iPadOS, and watchOS is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to photos stored in the temporary catalog...
The vulnerability of the access control service for remote catalogs and the authentication mechanism sssd, related to the transmission of confidential information to unauthorized entities, allows attackers to disclose the protected information.
The vulnerability of the access control service for remote catalogs and the authentication mechanism of sssd is related to the disclosure of information when an unauthorized user is brought back to the sssd’s home directory, allowing access to the file system. Exploiting this vulnerability can...
The vulnerability of the access control service for remote catalogs and the authentication mechanism sssd, related to the disclosure of information, allows a perpetrator to gain access to confidential data.
The vulnerability of the access control service for remote catalogs and the authentication mechanism of sssd involves revealing information that allows reading of sudo rules, which are accessible to any user. Exploiting this vulnerability could enable a malicious individual to gain access to...
The vulnerability in the Spring Cloud Config server arises from improper limitation of a pathname to a restricted directory, allowing attackers to expose protected information.
The vulnerability in the Spring Cloud Config server exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to expose protected information using a specially crafted URL...
Privilege escalation
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...
The vulnerability in the IIoT Monitor platform, related to the lack of special character filtering, allows attackers to access areas outside the restricted directory.
The vulnerability in the IIoT Monitor platform lies in the lack of filtering for specific symbols. Exploiting this vulnerability could allow a malicious actor to access data outside the restricted directory...
NetComm NWL-25 Device Directory Disclosure Vulnerability
The NetComm NWL-25 is a 4G LTE industrial grade M2M router. A device directory disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to obtain the device's directory...