115 matches found
CVE-2026-1946
The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebugravitywritedisconnecthandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with...
GHSA-72GW-MP4G-V24J
creationtimestamp| type| source ---|---|--- 2026-06-17 19:41:25+00:00| seen| https://gist.github.com/alon710/e8e930bfaf0a04644c5861c1af92ed10 2026-07-02 16:42:59+00:00| seen| https://gist.github.com/konard/2d84a73c0ff6413bca5b0e79fa90d50e 2026-07-03 13:46:20+00:00| seen|...
CVE-2026-50089 Aqara IAM/SSO Gateway open redirect
The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...
CVE-2026-50089 Aqara IAM/SSO Gateway open redirect
The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the batman-adv module’s failure to release the backbonegw reference when inserting a statement in...
MINI-5PWM-H7GW-WJ32
Bulletin has no description...
MINI-38MX-PM4V-X7GW
Bulletin has no description...
CVE-2025-13779
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
CVE-2025-13779
The CVE-2025-13779 entry concerns ABB AWIN GW100 rev.2 and AWIN GW120 units with a missing authentication vulnerability in a critical function. Affected revisions: GW100 rev.2 (2.0-0, 2.0-1) and GW120 (1.2-0, 1.2-1). The issue is exploitable with adjacent attack vector, low complexity, no privile...
ROS-20260121-73-0021
A vulnerability in the fibchecknhv6gw function of the Linux operating system kernel is related to a possible memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2025-34264
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
CVE-2025-37144
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
EUVD-2015-5620
Malware in sbrugna...
EUVD-2015-5621
Malware in sbrugna...
EUVD-2015-5618
Malware in sbrugna...
EUVD-2023-31623
Malicious code in bioql PyPI...
Security update for docker-compose
This update for docker-compose fixes the following issues: Update to version 2.33.1: Improvements Add support for gwpriority, enableipv4 requires docker v28.0 by @thaJeztah in 12570 Fixes Run watch standalone if menu fails to start by @ndeloof in 12536 Report error using non-file secret|config wi...
CVE-2023-27888
Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product...
CVE-2019-12000
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging...
CVE-2025-27084 Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal (CP) of an AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-based Management Interface
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting XSS attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the...