871 matches found
PT-2026-41205
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description The 'checkBasicAuth' endpoint validates credentials in plaintext using direct comparison without rate limiting. This allows attackers to perform unlimited brute-force attempts against the username an...
CVE-2026-3323
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
CVE-2026-3323 VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
EUVD-2026-26030
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
CVE-2026-3323
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
PT-2026-35708
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
CVE-2026-3867
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...
CVE-2026-3867
CVE-2026-3867 and CVE-2026-3868 affect Moxa’s Secure Router. CVE-2026-3867: improper ownership management may allow a low-privileged authenticated user to access a configuration file containing the hashed admin password when the config is exported, exposing sensitive information (confidentiality ...
CVE-2026-3867
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...
EUVD-2026-25756
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...
PT-2026-35345
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...
Apache::API::Password 安全漏洞
Apache::API::Password is a password management module provided by the Apache Foundation. Versions of Apache::API::Password up to v0.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of an insecure random number generator for generating salts, which could compromis...
OPENSUSE-SU-2026:20533-1 Security update for pam
This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...
SUSE-SU-2026:21112-1 Security update for pam
This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...
SUSE-SU-2026:21192-1 Security update for pam
This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...
Kimai leaks API Token Hash via Invoice Twig Template
Summary The Twig sandbox used for invoice templates blocks certain sensitive User methods password, TOTP secret, etc. via a blocklist in StrictPolicy::checkMethodAllowed. However, getApiToken and getPlainApiToken are not on the blocklist. An admin who creates an invoice template can embed calls t...
OESA-2026-1834 uboot-tools security update
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the...
CVE-2026-33243
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
DEBIAN-CVE-2026-33243
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
CVE-2026-33243
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...