
1034 matches found

ATTACKERKB
added yesterday | 3 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9 CVSS | 5.7 AI score
Exploits 0 | References 2
Vulnrichment
added yesterday | 4 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9 CVSS | 5.7 AI score
Exploits 0 | References 1
Cvelist
added yesterday | 29 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9 CVSS
Exploits 0 | References 1
Positive Technologies
added yesterday | 3 views

PT-2026-45755

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9 CVSS | 5.7 AI score
Exploits 0 | References 2
ATTACKERKB
added 5 days ago | 4 views

CVE-2026-9809

A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...

7.6 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 0 | References 2
Positive Technologies
added 5 days ago | 7 views

PT-2026-44972

Name of the Vulnerable Software and Affected Versions: TP-Link TL-SG108PE v5 (affected versions not specified). Description: A stored cross-site scripting (XSS) issue exists in the web management interface. This occurs because the SYSNAM configuration parameter is not properly sanitized during the...

5.3 CVSS | 5.7 AI score | 0.00038 EPSS
Exploits 0 | References 6
CNNVD
added 5 days ago | 5 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...

8.8 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 2
Cisco
added 2026/05/20 4:00 p.m. | 4 views

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10 CVSS | 5.8 AI score | 0.00064 EPSS
Exploits 1 | References 1
EUVD
added 2026/05/19 7:45 a.m. | 2 views

EUVD-2026-30851

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...

6.3 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits 0 | References 1
CVE
added 2026/05/19 7:45 a.m. | 10 views

CVE-2026-44408

Summary: CVE-2026-44408 affects the ZTE MU5250 due to improper permission control in the Web interface, enabling an unauthorized attacker to modify configuration via the web UI. The CVSS 3.1 vector is AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H with a base score of 6.3 (Medium). Exploitation status is n...

6.3 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/13 12:00 a.m. | 5 views

Palo Alto Networks Trust Protection Foundation Security Vulnerability

Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Trust Protection Foundation, which stems from an information leakage issue. This vulnerability...

7.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/13 12:00 a.m. | 4 views

F5 BIG-IP Cross-Site Request Forgery Vulnerability

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a cross-site request forgery vulnerability, which originates from the...

5.4 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits 0 | References 1
CVE
added 2026/05/08 9:51 p.m. | 7 views

CVE-2026-42286

The CVE-2026-42286 entry concerns Emlog, an open source website building system. Affected versions prior to 2.6.11 lack CSRF protection in critical admin functions, enabling an attacker to coerce authenticated admins into actions such as system registration, plugin management, and configuration c...

8.4 CVSS | 5.7 AI score | 0.00025 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/08 9:51 p.m. | 5 views

EUVD-2026-28841

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4 CVSS | 5.7 AI score | 0.00025 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/08 9:51 p.m. | 26 views

CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4 CVSS | 0.00025 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/05/08 12:00 a.m. | 7 views

PT-2026-39202

Name of the Vulnerable Software and Affected Versions: Emlog versions prior to 2.6.11. Description: Missing Cross-Site Request Forgery (CSRF) protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions. These actions include system...

8.4 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits 0 | References 5
Snyk
added 2026/05/05 9:34 p.m. | 2 views

Directory Traversal

Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Directory Traversal via the FormFlash process when the sessionid parameter mapped to form-flash-id in POST requests is not properly sanitized...

9.3 CVSS | 6.3 AI score | 0.00121 EPSS
Exploits 1 | References 2
OSV
added 2026/05/04 9:24 p.m. | 3 views

GHSA-RPFR-X88X-XWCW Pelican Web UI Affected by a Privilege Escalation Attack

Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI) for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

9 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/04/29 1:44 a.m. | 3 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if the device is left in its default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

8.8 CVSS | 5.3 AI score | 0.00021 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/04/28 5:34 p.m. | 0 views

CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

9.4 CVSS | 5.2 AI score | 0.00107 EPSS
Exploits 0 | References 3