CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

Prometheus Azure AD remote write OAuth client secret exposed via config API

...

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVE-2026-3323 VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVE-2026-3323 VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

PT-2026-35708

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the configuration API when type protection is missing for sensitive fields. An attacker can obtain confidential credentials by sending requests directly to the API...

Emissary has a Path Traversal via Blacklist Bypass in Configuration API

Summary The configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants, double-encoding, or Unicode normalization to achieve path traversal and...

CVE-2026-35583 Emissary has a Path Traversal via Blacklist Bypass in Configuration API

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...

CVE-2026-35583

Emissary (configuration API) vulnerability: A path traversal could be achieved in /api/configuration/{name} due to a blacklist-based validation that blocked , /, .., and trailing ... The check can be bypassed via URL-encoded variants, double-encoding, or Unicode normalization, allowing access to ...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVE-2025-33216

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

CVE-2024-51347

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...

EUVD-2025-208966

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

CVE-2025-33216

NVIDIA SNAP-4 Container vulnerability CVE-2025-33216 resides in the configuration interface, where crafted configurations can cause an incorrect buffer size calculation, potentially crashing the SNAP service and denying storage access to the host. Affected products: SNAP-4 Container (BlueField-3 ...

CVE-2025-33216

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

NVIDIA SNAP-4 Container 安全漏洞

NVIDIA SNAP-4 Container is a containerized operating environment component provided by NVIDIA Corporation in the United States. There is a security vulnerability present in NVIDIA SNAP-4 Container, which stems from an error in buffer size calculation within the configuration interface, potentiall...

PT-2026-27501

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

EUVD-2026-13501

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...