CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

EUVD-2026-8838

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

CVE-2026-23491 InvoicePlane has Unauthenticated Path Traversal in Guest Controller

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the getfile method of the Guest module's Get controller in InvoicePlane up to and including through 1.6.3. The vulnerability allows unauthenticated attacker...

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

GHSA-G7VW-F8P5-C728 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...

ACE SECURITY WiP-90113 访问控制错误漏洞

ACE SECURITY WiP-90113 is a camera product developed by the Japanese company ACE SECURITY. ACE SECURITY WiP-90113 has a vulnerability related to access control. This vulnerability arises from the unprotected configuration of backup endpoints, which may allow unverified attackers to retrieve...

CVE-2026-1341

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...

CVE-2020-37097 Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)

Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencryptwiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device...

CVE-2020-37088

CVE-2020-37088 affects School ERP Pro 1.0: an unauthenticated file disclosure via download.php by manipulating the document parameter with directory traversal to read arbitrary files, exposing sensitive configuration files and credentials. Root cause: improper validation of the document parameter...

CVE-2026-1341

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control, allowing an attacker to take full control of the device. The issue, documented across multiple sources (NVD, Red Hat, ENISA EUVD, CVE listing), indicates a network-accessible int...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the all function. An attacker can extract sensitive information from the database, including user credentials, configuration settings, and business data by injecting malicious SQL queries through user-controlled...

Linux Distros Unpatched Vulnerability : CVE-2026-24413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set...

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

CVE-2025-14610

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...

Tenda D301和Tenda D151 访问控制错误漏洞

Tenda D301 is a wireless router.Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...

CVE-2025-47855

An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests...

EUVD-2026-2230

An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests...

CVE-2025-47855

An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests...

PT-2026-2451

Name of the Vulnerable Software and Affected Versions HPE Instant On Access Points affected versions not specified Description A flaw exists in the router mode configuration of HPE Instant On Access Points. This issue could allow a malicious actor to obtain knowledge of internal network...

CVE-2018-1000105

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...