CVE-2026-2850

The CVE-2026-2850 entry concerns the YeQifu Warehouse project, affecting the Customer Endpoint component (dataset/repos/warehouse/src/main/java/com/yeqifu/bus/controller/CustomerController.java). The vulnerability arises from improper access controls in the addCustomer, updateCustomer, and delete...

CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

CVE-2026-24790

Technical details about CVE-2026-24790 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-2849 yeqifu warehouse Cache Sync CacheController.java syncCache access control

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sy...

CVE-2026-2849 yeqifu warehouse Cache Sync CacheController.java syncCache access control

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sy...

CVE-2026-2849

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sy...

CVE-2026-2849

The CVE affects yeqifu warehouse (up to commit aaf29962ba407d22d991781de28796ee7b4670e4). The vulnerable component is the Cache Sync Handler, specifically the CacheController.java functions deleteCache, removeAllCache, and syncCache. The root cause is improper access controls in these methods, en...

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

PT-2026-21251

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller 访问控制错误漏洞

The Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller is an industrial natural gas odorization system developed by the American company Welker. This system has a security vulnerability known as access control errors. The vulnerability stems from insufficient protective measures or...

warehouse 访问控制错误漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There is an access control vulnerability in Warehouse. This vulnerability stems from improper access control issues in the functions addCustomer, updateCustomer, and...

warehouse 访问控制错误漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There is an access control vulnerability in Warehouse. This vulnerability stems from improper access control issues in the addInport/, updateInport/, and deleteInport...

GO-2026-4399 DoS in cert-manager-controller via Specially Crafted DNS Response in github.com/cert-manager/cert-manager

DoS in cert-manager-controller via Specially Crafted DNS Response in github.com/cert-manager/cert-manager...

EPSON Printer Controller Installer 安全漏洞

EPSON Printer Controller Installer is a printer driver installation software developed by EPSON, a Japanese company. The EPSON Printer Controller Installer has a security vulnerability, which stems from improper client authentication using the XPC protocol and incorrect execution of the macOS...

CVE-2026-2665 huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

CVE-2026-2665

The CVE refers to huanzi-qch base-admin (up to commit 57a8126bb3353a004f3c7722089e3b926ea83596) with a vulnerability in the Upload function of SysFileController.java (JSP Parser component) that allows unrestricted file upload via manipulation of the File argument. Exploitation is remote and the e...

CVE-2025-71235

CVE-2025-71235 : Linux kernel, scsi: qla2xxx driver. The issue arises when a module unload is issued while a fabric scan is in progress, causing a crash due to freeing memory in interrupt context (dma_free_attrs) after the UNLOADING flag is set and a scheduled work item cannot be allocated. Root ...

SUSE CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

PT-2026-20493

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

InvoicePlane 路径遍历漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. InvoicePlane versions 1.6.3 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the getfi...