CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVE-2025-10127

Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials...

toy-blog Security Breach

toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.5.4 through 0.6.1, which stems from the ability to read articles with private visibility if the reader does not set the requested credentials...

Secomea SiteManager 安全漏洞

Secomea SiteManager is a software application from the Danish company Secomea. It provides a remote maintenance function for industrial equipment. A security vulnerability exists in Secomea SiteManager versions prior to 9.5, which stems from an incorrect access control vulnerability in Secomea...

CVE-2020-10620

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely...