11 matches found
CVE-2026-25720
A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...
CVE-2026-25720 SenseLive X3050 Insufficient session expiration
A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
EUVD-2026-5533
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
CVE-2026-0714 (CISA/Red Hat context included) describes a physical-attack vulnerability in certain Moxa industrial computers running Moxa Industrial Linux 3 with TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU over an SPI bus. Exploitation requires invasive physical...
Automattic: Authentication & Registration Bypass in Newspack Extended Access
The Newspack Extended Access plugin did not verify the JWT signature on the registration and login JSON endpoint. This permitted registration of accounts with arbitrary user-supplied details, as well as authentication bypass and account hijack if a target account email was known...
Automattic: Authentication & Registration Bypass in Newspack Extended Access
The Newspack Extended Access plugin failed to validate the JWT signature on the registration and login JSON endpoint. This allowed for the registration of accounts with arbitrary user-supplied details and authentication bypass if a target account email was known...
How to enable ACL logging for extended ACLs
This article is a guide on how to enable ACL logging for extended ACLs. Simple ACL does not have this function...
PT-2019-15906 · Artica · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.x. Description: The issue allows for remote code execution with an authenticated user who has the ability to modify the alert system, potentially enabling the execution of commands as root or Administrator. It is noted...