CVE-2026-22199 Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

CVE-2026-22199 Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

CVE-2026-22199

Technical details for CVE-2026-22199 are not publicly available in the provided connected documents. Monitor for updates from the vendor and CVE feeds.

PT-2026-25140

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the...

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

Google bug allowed phone number of almost any user to be discovered

Google has fixed vulnerabilities that made it possible to retrieve the phone numbers of almost any Google user. The flaw was found in the flow that allows users to recover their Google account using a phone number. A cybersecurity researcher called Brutecat was able to figure out the phone number...

Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities

The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favorin...

Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

A sophisticated fraud ring, dubbed Proxy Phantom, has pushed the boundaries of credential-stuffing attacks with a dynamic account takeover ATO technique that was flooding eCommerce merchants in the third quarter. Researchers at Sift uncovered the group, which is innovating in the realm of...

Mail.ru: Improper Restriction of Excessive Authentication Attempts at https://top.mail.ru/edit? for site counter (Rate Limit bypass via IP Rotation)

Password at top.mail.ru counters was not sufficiently protected against bruteforce...

Mail.ru: Improper Restriction of Excessive Authentication Attempts at http://terrafoot.ru/login.php (Rate Limit bypass via IP Rotation)

Password at terrafoot.ru was not sufficiently protected against bruteforce...

X (Formerly Twitter): Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}

Summary I tried to guess on my account. I sent out nearly 1,000 requests, and I was virtually banned on request about 120. But when I changed my IP and tried logging in, I was logged into the account without any additional checks Description: Your web authentication endpoint,...

FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation

Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required deployment of lots of VPS's. FireProx leverage...

IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request

Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...