13 matches found
CVE-2026-54445 Vantage6: Set admin user and password from environment or configuration
vantage6 is an open-source infrastructure for privacy-preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights,...
Glances Exposes Unauthenticated Configuration Secrets
Summary: The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...
PT-2025-48194
Name of the Vulnerable Software and Affected Versions: Astak CM-818T3 2.4GHz wireless security surveillance cameras (affected versions not specified). Description: The cameras have an unauthenticated configuration disclosure issue in the /web/cgi-bin/hi3510/backup.cgi endpoint. This endpoint allows...
EUVD-2017-5286
Malware in sbrugna...
CVE-2025-10264
CVE-2025-10264 — Digiever NVR exposure of sensitive information. Multiple connected sources confirm that certain Digiever NVR models are vulnerable to an exposure of sensitive information, allowing unauthenticated remote attackers to access the system configuration file and obtain plaintext cred...
CVE-2025-30048
The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication...
GHSA-8HMM-4CRW-VM2C @musistudio/claude-code-router has improper CORS configuration
Impact: Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data...
Visual Planning Admin Center security vulnerability
Visual Planning Admin Center is a cloud-based resource management and scheduling software from Visual Planning. A security vulnerability exists in versions prior to Visual Planning Admin Center 8 Build 240207 that stems from insufficient access checking. An attacker could exploit the vulnerabilit...
BUFFALO wireless LAN routers security vulnerability
BUFFALO wireless LAN routers are a series of routers from Buffalo, Japan. A security vulnerability exists in BUFFALO wireless LAN, which arises from passwords being stored in clear text. An attacker could exploit the vulnerability to gain access to the product's login page to obtain...
Apache Pulsar security vulnerability
Apache Pulsar is a distributed messaging and streaming platform for cloud environments from the Apache Foundation (United States), combining messaging, storage, and lightweight function computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication, and...
Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414)
Summary: Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414). Vulnerability Details: CVEID: CVE-2022-22414. DESCRIPTION: IBM Robotic Process Automation could allow a local user to obtain sensitive web service...
CVE-2017-13771
CVE-2017-13771 affects Lexmark Scan To Network (SNF)
CVE-2006-3561
BT Voyager 2091 Wireless firmware 2.21.05.08mA2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyagergetconfig.sh, PPP credentials via (2) btvoyagergetpppcreds.sh...