CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVE-2025-71211

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...

CVE-2026-8652

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

CVE-2026-8652

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

EUVD-2026-31620

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

EUVD-2025-209911

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...

CVE-2025-71211

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...

CVE-2025-71211

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...

Rcon-Bruteforce

RCON Scanner & Exploitation Toolkit ⚠️ EDUCATIONAL PURPOSE...

PT-2026-40291

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL CLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the admin users...

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

CVE-2026-6667

PgBouncer (pre-1.25.2) contains an authorization flaw in the KILL_CLIENT admin command: any user with access to the administration console could execute the command, instead of restricting it to admins listed in admin_users. This could allow unauthorized clients to be killed. Remediation: upgrade...

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

PT-2026-39229

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description An improper authorization check exists for the 'KILL CLIENT' admin command. Any user with access to the administration console can execute this command, whereas it should be restricted exclusively...

CVE-2023-54344 Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...

CVE-2026-27843

SenseLive X3050 is affected by CVE-2026-27843, where the web management interface permits modification of critical configuration parameters without sufficient authentication or server-side validation. By feeding unsupported or disruptive values to recovery mechanisms and network settings, an atta...

BIT-DISCOURSE-2026-32607 Discourse: Stored XSS via unescaped assignee name

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user and group display names are rendered without HTML...

CVE-2026-35467

The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...