CVE-2025-15043 The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2026-1221

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

EUVD-2026-3462

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

EUVD-2026-3470

Not used...

CVE-2026-1221

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

CVE-2026-1221

CVE-2026-1221 concerns the PrismX MX100 AP controller from Browan Communications. Multiple connected sources confirm a vulnerability described as the use of hard-coded credentials stored in firmware, enabling unauthenticated remote login to the database. Reported impact is high on confidentiality...

CVE-2026-1221 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Use of Hard-coded Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

CVE-2026-1221 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Use of Hard-coded Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

[SECURITY] Fedora 42 Update: mysql8.4-8.4.7-5.fc42

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVE-2026-1130

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksaddplan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2026-3491

EUVD-2026-3491...

EUVD-2026-3495

EUVD-2026-3495...

CVE-2026-1129

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now publi...

PT-2026-3541

Name of the Vulnerable Software and Affected Versions PrismX MX100 AP controller Description The PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a flaw related to the use of hard-coded credentials. This allows unauthenticated remote attackers to gain access to the database using...

CVE-2025-67263

CVE-2025-67263 affects Abacre Retail Point of Sale 14.0.0.396 in the Clients module. The vulnerability is a stored XSS caused by failing to properly sanitize user-supplied input in the Name and Surname fields, which is persisted in the database. An attacker can inject HTML or script content that ...

CVE-2025-67263

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting XSS vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

PT-2026-3666

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description A flaw exists in Milner ImageDirector Capture that involves insufficiently protected credentials within the credential field. This allows for the retrieval of credenti...

PT-2026-3665

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...

Browan Communications PrismX MX100 Trust Management Vulnerability

The Browan Communications PrismX MX100 is a wireless router produced by Browan Communications in Taiwan, China. The PrismX MX100 has a trust management vulnerability, which stems from the use of hard-coded credentials. This vulnerability could allow unverified remote attackers to log into databas...