14 matches found
CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2025-26418
Technical details (affected products, exact component, exploit conditions, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-26289
CVE-2026-26289 affects PowerSYSTEM Center: the REST API endpoint used for device account export has incorrect authorization, permitting an authenticated user with limited permissions to access data normally restricted to administrators. The issue exposes sensitive information and is backed by hig...
PT-2026-40435
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
VulnCheck KEV: CVE-2019-17506
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZEDGROUP=1%0a to...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...
CVE-2022-20303
In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-15894
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by...
Design/Logic Flaw
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by...
PT-2020-14692 · D Link · D-Link Dir-816L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L devices versions 2.x before 1.10b04Beta02
Description: An issue exists where an exposed administration function in "getcfg.php" can be used to call various services, potentially allowing an attacker to retrieve sensitive...
Design/Logic Flaw
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...
AdHocMate v1.0 iOS - Persistent Mail Encode Vulnerability
Document Title: AdHocMate v1.0 iOS - Persistent Mail Encode Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1559
Release Date: 2015-07-27
Vulnerability Laboratory ID (VL-ID): ...