CLSA-2026-1779124021 firewalld: Fix of CVE-2026-4948

CVE-2026-4948: use PKACTIONCONFIG instead of PKACTIONCONFIGINFO for setZoneSettings2 and setPolicySettings to require config-write authorization...

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

CVE-2025-15517

The CVE-2025-15517 entry describes an authentication-bypass in the HTTP server of TP-Link Archer NX200, NX210, NX500, and NX600. A missing auth check on certain CGI endpoints allows unauthenticated users to perform privileged HTTP actions, including firmware uploads and configuration changes. The...

CVE-2025-15517

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and...

CVE-2021-33766 ProxyToken

Microsoft Exchange Server Information Disclosure Vulnerability Recent assessments: NinjaOperator at August 30, 2021 4:59pm UTC reported: An unauthenticated actor can perform configuration actions on mailboxes belonging to arbitrary users. Which can be used to copy all emails addressed to a target...