PT-2026-35993

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

GHSA-7VQ9-42CC-33J4 Duplicate Advisory: OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xj9w-5r6q-x6v4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the no...

Eaton Intelligent Power Protector 安全漏洞

Eaton Intelligent Power Protector is a power protection software developed by Eaton, Inc. in the United States. The Eaton Intelligent Power Protector has a security vulnerability, which stems from the insecure library loading in executable files. This vulnerability may allow attackers with access...

EUVD-2026-17923

Improper authentication in the two-factor authentication 2FA feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session...

GHSA-4PGC-GFRR-WCMG Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVE-2021-47770

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network...

EUVD-2025-35717

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...

CVE-2024-24301

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges...

CVE-2021-38462

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf...

Icinga 安全漏洞

Icinga is a scalable server, network resource monitoring system from Icinga, Germany. A security vulnerability exists in Icinga that originates from the fact that an attacker who obtains credentials can impersonate Icinga to access these services and add, modify, and delete information there. The...

CVE-2019-1726

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An...

CVE-2018-10626

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLin...

openssh: Privilege separation weakness related to PAM support

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users...