
CNNVD (added 2026/05/11 12:0 a.m., 4 views)

Vaultwarden security vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.4 contained a security vulnerability. This vulnerability stemmed from the fact that enabling email two-factor authentication allowed bypassing login...

CVSS 9.8, AI score 5.8, EPSS 0.00288
Exploits: 1, References: 1
Positive Technologies (added 2026/05/11 12:0 a.m., 7 views)

PT-2026-39864

Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.4. Description: A flaw in the login brute-force protection allows attackers to determine if a username and password combination is correct when email two-factor authentication (2FA) is enabled. The API endpoint...

CVSS 7.3, AI score 5.8, EPSS 0.00288
Exploits: 1, References: 5
RedhatCVE (added 2026/05/10 8:20 p.m., 10 views)

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.8, AI score 5.9, EPSS 0.00296
Exploits: 0, References: 1
EUVD (added 2026/05/09 7:43 p.m., 4 views)

EUVD-2026-28937

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

CVSS 8.1, AI score 5.8, EPSS 0.00476
Exploits: 1, References: 3
Vulnrichment (added 2026/05/09 7:43 p.m., 5 views)

CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

CVSS 8.1, AI score 5.8, EPSS 0.00476
Exploits: 1, References: 3
CVE (added 2026/05/09 7:43 p.m., 14 views)

CVE-2026-42606

CVE-2026-42606 (AzuraCast): The vulnerability arises from the ApplyXForwarded middleware unconditionally trusting the client-supplied X-Forwarded-Host header with no trusted-proxy allowlist, allowing an unauthenticated attacker to poison the password-reset URL during the forgot-password flow. The at...

CVSS 8.8, AI score 5.8, EPSS 0.00476
Exploits: 1, References: 3, Affected software: 1
NVD (added 2026/05/08 11:16 p.m., 11 views)

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled (non-default), they can res...

CVSS 3.8, EPSS 0.00162
Exploits: 0, References: 2
NVD (added 2026/05/08 11:16 p.m., 26 views)

CVE-2026-42452

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

CVSS 8.1, EPSS 0.00306
Exploits: 0, References: 2
EUVD (added 2026/05/08 10:54 p.m., 10 views)

EUVD-2026-28862

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

CVSS 8.1, AI score 5.7, EPSS 0.00306
Exploits: 0, References: 2
Vulnrichment (added 2026/05/08 10:54 p.m., 3 views)

CVE-2026-42452 Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

CVSS 8.1, AI score 5.7, EPSS 0.00306
Exploits: 0, References: 2
ATTACKERKB (added 2026/05/08 10:54 p.m., 6 views)

CVE-2026-42452

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

CVSS 8.1, AI score 5.7, EPSS 0.00306
Exploits: 0, References: 3, Affected software: 1
Cvelist (added 2026/05/08 10:54 p.m., 37 views)

CVE-2026-42452 Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

CVSS 8.1, EPSS 0.00306
Exploits: 0, References: 2
CVE (added 2026/05/08 10:54 p.m., 12 views)

CVE-2026-42452

Termix (web-based server management platform) suffers a 2FA bypass in versions prior to 2.1.0. The auth middleware accepts a temporary JWT (temp_token) with a pendingTOTP state on regular authenticated endpoints, effectively turning two-factor authentication into single-factor (password) for affe...

CVSS 8.1, AI score 5.7, EPSS 0.00306
Exploits: 0, References: 2
CVE (added 2026/05/08 9:59 p.m., 14 views)

CVE-2026-44987

SysReptor (fully customizable pentest reporting platform) has a privilege-escalation issue in versions before 2026.29: users with User Admin permissions can change the emails of users with Superuser permissions. If the installed forgot-password feature is enabled (non-default), these users can re...

CVSS 3.8, AI score 5.7, EPSS 0.00162
Exploits: 0, References: 2
EUVD (added 2026/05/08 9:31 p.m., 33 views)

EUVD-2026-28826

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.7, AI score 5.9, EPSS 0.00296
Exploits: 0, References: 3
NVD (added 2026/05/08 8:16 p.m., 35 views)

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.8, EPSS 0.00296
Exploits: 0, References: 2
ATTACKERKB (added 2026/05/08 7:54 p.m., 4 views)

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.7, AI score 5.9, EPSS 0.00296
Exploits: 0, References: 3
Vulnrichment (added 2026/05/08 7:54 p.m., 10 views)

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.7, AI score 5.9, EPSS 0.00296
Exploits: 0, References: 2
Cvelist (added 2026/05/08 7:54 p.m., 65 views)

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.7, EPSS 0.00296
Exploits: 0, References: 2
CVE (added 2026/05/08 12:35 p.m., 26 views)

CVE-2022-50994

The affected product is DrayTek Vigor 2960 with firmware versions prior to 1.5.1.4. The vulnerability is an OS command injection in the CGI login handler, exploitable by an unauthenticated remote attacker who injects shell metacharacters into the formpassword parameter; the input reaches the otp_...

CVSS 9.2, AI score 6.6, EPSS 0.01432
Exploits: 0, References: 3