CVE-2026-39393

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check cache'settings' combined with .env file existence to block...

CVE-2026-39393

CVE-2026-39393 affects the ci4ms CodeIgniter 4-based CMS skeleton. Before 0.31.4.0, the install route guard uses a volatile cache check (cache('settings')) and .env existence to block setup access; if the database is temporarily unreachable during a cache miss, the guard can fail open, allowing a...

PT-2026-30801

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

PT-2026-30802

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GENESIS64 versions prior to 10.97.3 Mitsubishi Electric ICONICS Suite versions prior to 10.97.3 Mitsubishi Electric MobileHMI versions prior to 10.97.3 Mitsubishi Electric Hyper Historian versions prior to 10.97.3 Mitsubish...

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

CVE-2026-1233

CVE-2026-1233 affects the WordPress plugin Text to Speech for WP (AI Voices by Mementor). All versions up to 1.9.8 contain hardcoded MySQL credentials for the vendor’s external telemetry server in the Mementor_TTS_Remote_Telemetry class, enabling unauthenticated actors to extract and decode these...

WordPress plugin Text to Speech for WP (AI Voices by Mementor) 信任管理问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-33617

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

EUVD-2026-18180

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

CVE-2026-33617

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

CVE-2026-33617

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

CVE-2026-33617

CVE-2026-33617 concerns MB connect line mbCONNECT24, with vulnerability in the data24 endpoint allowing unauthenticated access to a configuration file containing database credentials. The impact is limited to confidentiality (LOW) and there is no endpoint described that uses the credentials. No e...

CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

PT-2026-29714

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

MB Connect Line mbCONNECT24 安全漏洞

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports features such as remote access, data recording, and alarm notifications. There is a security vulnerability in MB Connect Line mbCONNECT24; this vulnerability stems from th...

CVE-2026-33486

CVE-2026-33486 affects Roadiz and specifically the roadiz/documents component. The vulnerability is an SSRF/LFI flaw in theDownloadedFile::fromUrl() flow that occurs when importing external media; an attacker-controlled URL can be used with file:// to read local server files (including environmen...

CVE-2026-33486

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...