CVE-2026-24455 Jinan USR IOT Technology Limited (PUSR) USR-W610 Cleartext Transmission of Sensitive Information

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

Tenda N300 授权问题漏洞

The Tenda N300 is a router from China-based Tenda. The Tenda N300 suffers from an authorization issue vulnerability that stems from the use of login credentials as a session ID, which could allow a remote attacker to hijack an authenticated session by intercepting network traffic and capturing th...

CVE-2025-40673

CVE-2025-40673 describes a Missing Authorization vulnerability in DinoRANK, enabling access to any user’s invoices via the endpoint /facturas/YYYY-MM/SDRYYMM-XXXXX.pdf due to absent access control. The PDF filename can be learned through OSINT, insecure traffic, or brute force. Documented impact ...

ALPINE-CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

CVE-2020-4597

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...