3117 matches found
CVE-2026-48778
Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...
EUVD-2026-39569
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...
PT-2026-52595
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, which allows attackers to impersonate charging stations. This flaw can be exploited to gain unauthoriz...
CVE-2026-1840
The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...
EUVD-2026-32916
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values DoS...
QNAP qumagie 信息泄露漏洞
QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...
Anthropic’s Project Glasswing Update
In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is...
BELL-CVE-2026-46250
Bulletin has no description...
CVE-2026-39331
ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...
CVE-2026-10688
A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...
MINI-GMPQ-7W7W-PG62
Bulletin has no description...
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security expectations, we have changed our implementation...
CVE-2026-20223
Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...
CVE-2026-31240
The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...
BELL-CVE-2026-43217
Bulletin has no description...
CVE-2026-43941
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...
OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...
MINI-VRGX-VHPJ-3VPM
Bulletin has no description...
MINI-PPPW-6JRW-8WXR
Bulletin has no description...
SenseLive X3050 访问控制错误漏洞
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...