EUVD-2026-31408

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...

CVE-2026-44409 Information disclosure vulnerability in ZTE MU5250

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

Pyroscope 安全漏洞

Pyroscope is an open-source continuous performance analysis platform developed by Grafana. Vulnerabilities exist in versions prior to Pyroscope 1.15.2, 1.16.1, and 1.17.0. These vulnerabilities stem from improper configuration, potentially allowing attackers to extract the secretkey configuration...

LangChain-Chatchat 安全漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Version 0.3.1 of LangChain-Chatchat contains a security vulnerability. This vulnerability stems from improper configuration and execution of the MCP STDIO server, which may allow...

WordPress plugin Ashe 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

Libssh: libssh: denial of service via improper configuration file handling

...

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

mcp-memory-service 安全漏洞

mcp-memory-service is a backend service developed by Henry’s individual developer, designed to provide persistent shared memory for AI agents. Versions of mcp-memory-service prior to 10.25.1 contained security vulnerabilities. These vulnerabilities stemmed from improper CORS configuration and...

Halloy 安全漏洞

Halloy is a cross-platform IRC client developed by Squidowl. There is a security vulnerability in Halloy, which stems from improper configuration file permission settings, potentially allowing local users to read plaintext credentials...

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

PT-2026-23599

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 17 versions prior to build 41186 Description A sensitive information disclosure can occur due to an improper configuration of a headless browser. Recommendations Update Acronis Cyber Protect to build 41186 or later...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, which stem from improper configuration. These vulnerabilities may lead to encryption issues when initiating VoWiFi calls from the UE device...

Improper Configuration Control

weblate is vulnerable to improper configuration control. The vulnerability is due to the ability to remotely overwrite Git configuration, which allows an attacker to modify repository behavior and potentially manipulate project operations...

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

WordPress Plugin Suggestion Toolkit has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Funnelforms Free 安全漏洞

Funnelforms Free is a free plugin that focuses on helping webmasters increase conversions through multi-step forms and contact forms. WordPress Funnelforms Free suffers from a lack of authorization vulnerability, which can be exploited by an attacker to perform an unauthorized operation via a...

WODESYS WD-R608U 访问控制错误漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from improper initial configuration of the wizard.cgi endpoint access control, which could lead to a malicious attacker making unauthorized changes...