CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

Design/Logic Flaw

The affected products store both public and private key that are used to sign and protect Custom Parameter Set CPS file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This iss...

CVE-2022-3927

CVE-2022-3927 concerns Hitachi Energy FOXMAN-UN and UNEM products. The issue arises from storing public and private keys used to sign and protect Custom Parameter Set (CPS) files, enabling an attacker to modify a CPS and sign it as legitimate. Affected products/versions: FOXMAN-UN R9C–R15B and UN...

PT-2023-13716 · Unem +1 · Unem +1

Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R15B UNEM versions R9C through R15B Description: The affected products store both public and private keys used to sign and protect Custom Parameter Set CPS files from modification. An attacker who exploits this...