Anviz CX7 安全漏洞

The Anviz CX7 is an intelligent terminal device from the American company Anviz, featuring integrated biometrics and access control functions. The Anviz CX7 firmware contains a security vulnerability. This vulnerability stems from unverified POST requests that can capture photos taken by the...

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

EUVD-2016-4060

Malware in sbrugna...

cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment

A credential-protection flaw was found in cockpit-ovirt. During deployment, it generated an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contained both admin and appliance passwords as plain-text. Although these files are deleted at the end of th...