17 matches found
CVE-2026-11989
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...
PT-2026-50836
Name of the Vulnerable Software and Affected Versions: Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8. Description: An issue exists where unauthenticated attackers can perform Server-Side Request Forgery (SSRF), a flaw that allows a serv...
CVE-2026-34028
The CVE-2026-34028 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). It exposes web-accessible file paths that lack authorization, allowing an unauthenticated attacker to directly download files via HTTP endpoints such as /Resources/CompanyId_[ID]/Audio/ and /Safe...
Microhard Systems IPn4G Security Vulnerability
Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0 that originates from a downloadable sensitive system configuration file that could lead to the disclosure of configuration information...
CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2023-47313
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the...
Nokia NetAct Security Vulnerability
Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include malicious code, which can then be downloaded as ...
CVE-2021-1406
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...
Input validation
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...
CVE-2021-1406 Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...
CVE-2021-1406 Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...
Engel & Völkers Technology GmbH: Information Exposure at https://printshop.engelvoelkers.com/
Summary: There is an information exposure through some tmp, txt files that can allow an attacker to download some files from the application. Steps To Reproduce: + There are some files that exposed internal links from the application, inside of these files you can view some .xls that you can...
IIS Short Name Scanner - Scanner For IIS Short File Name Disclosure Vulnerability (using the tilde [~] character)
Scanner for the IIS short file name (8.3) disclosure vulnerability, using the tilde (~) character. Description: Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character (~). This may allow a...
Directory Traversal Vulnerability in Broadband Authentication and Billing System of Chengdu Starry Blue Ocean Network Technology Co.
Blue Ocean Premier Broadband Access Gateway is a specialized intelligent device for Ethernet broadband access. A directory traversal vulnerability exists in the broadband authentication and billing system of Chengdu Starry Blue Ocean Network Technology Co. where an attacker can download sensitive...
Default application configuration files are available for download
h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...
Mozilla Firefox Insecure Saving Of Downloadable File - Linux
Mozilla Firefox is saving downloadable files insecurely. Copyright (C) 2009 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...
MS patch Q292108 opens a vulnerability
Hi, Last MS patch Q290108 released with the bulletin MS01-020 opens a new vulnerability. A tricked EML file can confuse the user displaying him a fake downloaded file name. Executable files can be disguised as other supposedly innocent files (text, sound or images). Demo is available in :...