CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation Only loadtrustedApache configuration; the bug triggers...

CVE-2026-8913

The CVE affects Archer MR600 v5, specifically the WireGuard client configuration exposed via the web management interface. It enables command injection through improper neutralization of user-controlled input when applying configuration changes. An authenticated administrator can execute arbitrar...

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

Siemens RUGGEDCOM RST2428P 安全漏洞

The Siemens RUGGEDCOM RST2428P is a server communication device produced by the German company Siemens. Versions of Siemens RUGGEDCOM RST2428P prior to 4.0 contained security vulnerabilities. These vulnerabilities stemmed from the practice of storing sensitive information in the browser cache whe...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the gateway process. An attacker can modify sensitive configuration paths and persist unsafe changes that cross security boundaries by leveraging model-driven...

Silex Technology SD-330AC and AMC Manager

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

PT-2026-29892

Name of the Vulnerable Software and Affected Versions Hirschmann HiEOS devices versions prior to 01.1.00 Description Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass in the HTTPS management module. Attackers can gain administrative access by sending specially...

CVE-2026-33032

CVE-2026-33032 affects nginx-ui prior to 2.3.4. The MCP integration exposes two HTTP endpoints: /mcp (protected by AuthRequired) and /mcp_message (no authentication). The default IPWhiteList is empty, which the middleware treats as “allow all,” enabling unauthenticated MCP tool invocations (e.g.,...

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

EulerOS 2.0 SP12 : cups (EulerOS-SA-2026-1385)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects ...

CVE-2026-30868

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies to POST/PUT/DELETE...

CVE-2026-30868

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies to POST/PUT/DELETE...

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVE-2025-13491

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

PT-2026-6050

Name of the Vulnerable Software and Affected Versions MOMA Seismic Station versions v2.4.2520 and prior Description The MOMA Seismic Station web management interface does not require authentication. This allows an unauthenticated attacker to modify configuration settings, obtain device data, or...

ABB Ability OPTIMAX

SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory, if the optional integration with Azure Active Directory for Single-Sign On is enabled. We have not received any reports of this vulnerability being exploited. An attacker who...

CVE-2025-68707

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...

CVE-2025-68707

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...