CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

EUVD-2026-36377

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

CVE-2026-47366

CVE-2026-47366 describes an improper verification of access permissions in the Administration Control Panel . An authenticated administrator could modify permissions and grant rights beyond their authorized level, resulting in privilege escalation within the administrative interface. The document...

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVE-2026-48610

CVE-2026-48610 describes an Improper Access Control vulnerability on certain devices running UniFi OS. A remote attacker with network access could cause unauthorized changes to UniFi OS devices. The CVSSv3.1 base score is 8.1 (High) with network attack vector, high impact on confidentiality, inte...

EUVD-2026-36378

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

PT-2026-48820

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

PT-2026-48825

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

📄 HTTP/2 Multi-Server HPACK Exhaustion

This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...

PT-2026-48830

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

PT-2026-48884

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

PT-2026-48887

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

CVE-2026-6250

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return...

CVE-2026-53812

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered...

CVE-2026-53817

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

CVE-2026-45175

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker ...

CVE-2026-53817 OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

EUVD-2026-36323

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

CVE-2026-53817 OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...