6643 matches found

Vulnrichment
added 2026/01/29 2:41 a.m. | 2 views

CVE-2025-55704

Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs...

CVSS 6.9 | AI score 5.9 | EPSS 0.00052
Exploits 0 | References 3

CVE
added 2026/01/29 2:41 a.m. | 6 views

CVE-2025-55704

CVE-2025-55704 describes a hidden functionality issue in multiple Brother MFPs that may allow an attacker to obtain logs from the affected product and access sensitive information contained in those logs. The issue is surfaced across multiple feeds (NVD, Red Hat, JVN, CIRCL, CVE list, EUVD, etc.)...

CVSS 6.9 | AI score 5.9 | EPSS 0.00052
Exploits 0 | References 3

RedhatCVE
added 2026/01/28 9:17 p.m. | 2 views

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2 | AI score 6.5 | EPSS 0.00135
Exploits 0 | References 1

Vulnrichment
added 2026/01/28 7:30 a.m. | 1 view

CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

CVSS 8.1 | AI score 5.9 | EPSS 0.67487
Exploits 4 | References 2

EUVD
added 2026/01/28 7:30 a.m. | 1 view

EUVD-2025-206418

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

CVSS 8.1 | AI score 5.9 | EPSS 0.67487
Exploits 4 | References 2

Cvelist
added 2026/01/28 7:30 a.m. | 25 views

CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

CVSS 8.1 | EPSS 0.67487
Exploits 4 | References 2

CVE
added 2026/01/28 7:30 a.m. | 20 views

CVE-2025-40536

CVE-2025-40536 relates to SolarWinds Web Help Desk and is described in connected sources as a security control bypass that could allow an unauthenticated attacker to access certain restricted functionality. The KEV/KEA entries note active exploitation risk, and a Metasploit module documents an un...

CVSS 9.8 | AI score 5.9 | EPSS 0.67487
In wild | Exploits 4 | References 4 | Affected Software 1

NVD
added 2026/01/27 6:15 p.m. | 2 views

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2 | EPSS 0.00135
Exploits 0 | References 1

CVE
added 2026/01/27 5:57 p.m. | 6 views

CVE-2026-23592

CVE-2026-23592 affects HPE Aruba Networking Fabric Composer. Insecure file operations in the backup functionality could allow authenticated attackers to achieve remote code execution and run arbitrary commands on the underlying OS. No remediation details are provided in the supplied documents.

CVSS 7.2 | AI score 6.5 | EPSS 0.00135
Exploits 0 | References 1

NVD
added 2026/01/26 8:16 p.m. | 3 views

CVE-2025-9522

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.3 | EPSS 0.00047
Exploits 0 | References 2

ATTACKERKB
added 2026/01/26 7:35 p.m. | 4 views

CVE-2025-9522

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.1 | AI score 5.9 | EPSS 0.00047
Exploits 0 | References 3

CVE
added 2026/01/26 10:4 a.m. | 4 views

CVE-2025-59098

CVE-2025-59098 describes a trace/debug facility in the dormakaba Access Manager. The trace is exposed via a plain TCP socket with no authentication or encryption, and TraceClient.exe can connect through the web interface to receive debug output. The verbosity is configurable via HTTP(S) with the ...

CVSS 8.7 | AI score 5.9 | EPSS 0.00067
Exploits 0 | References 3

Vulnrichment
added 2026/01/26 10:4 a.m. | 2 views

CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00067
Exploits 0 | References 3

Cvelist
added 2026/01/26 10:4 a.m. | 27 views

CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | EPSS 0.00067
Exploits 0 | References 3

Positive Technologies
added 2026/01/26 12:0 a.m. | 5 views

PT-2026-4748

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00067
Exploits 0 | References 4

RedhatCVE
added 2026/01/23 9:15 p.m. | 2 views

CVE-2026-24355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...

CVSS 6.5 | AI score 5.4 | EPSS 0.00064
Exploits 0 | References 1

Snyk
added 2026/01/23 4:56 p.m. | 1 view

Incorrect Provision of Specified Functionality

Overview: Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 3

Snyk
added 2026/01/23 4:56 p.m. | 1 view

Incorrect Provision of Specified Functionality

Overview: Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 3

NVD
added 2026/01/22 5:16 p.m. | 1 view

CVE-2026-24355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...

CVSS 6.5 | EPSS 0.00064
Exploits 0 | References 1

NVD
added 2026/01/22 5:16 p.m. | 1 view

CVE-2025-68009

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through = 1.0.3...

CVSS 6.5 | EPSS 0.00021
Exploits 0 | References 1