19 matches found
PT-2026-35970
Name of the Vulnerable Software and Affected Versions: AgentFlow (affected versions not specified). Description: The local web API fails to enforce application/json validation for non-JSON content types on the 'POST /api/runs' and 'POST /api/runs/validate' endpoints. This allows attackers to bypass...
Text Generation Web UI Path Traversal Vulnerability
Text Generation Web UI is a local AI user interface from the individual developer oobabooga. Versions of Text Generation Web UI prior to 4.3 contain a path traversal vulnerability. The vulnerability stems from an unauthenticated path traversal in the load_prompt function,...
Caddy is vulnerable to cross-origin config application via local admin API /load
commit: e0f8d9b2047af417d8faf354b675941f3dac9891; as-of: 2026-02-04; channel: GitHub security advisory (per SECURITY.md). Summary: The local Caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement ...
PT-2026-1576
Name of the Vulnerable Software and Affected Versions: HCL BigFix IVR version 4.2. Description: The local setup interface component suffers from improper authentication and a lack of CSRF protection. This allows a local attacker to make unauthorized configuration changes by sending unauthenticated...
CVE-2025-36751 Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...
EUVD-2025-29300
Malicious code in bioql PyPI...
CVE-2025-43359
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all...
CVE-2025-43359
A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all...
Missing Authentication for Critical Function
Overview: Xorbits Inference (Xinference) is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your own or state-of-the-art built-in models using just a single command. Wheth...
imgproxy Code Issue Vulnerability
imgproxy is a fast and secure standalone server, from the individual developer imgproxy, for resizing and converting remote images. A code issue vulnerability exists in imgproxy that stems from a server-side request forgery vulnerability against 0.0.0.0...
A-Tune Access Control Error Vulnerability
A-Tune is a service for atuned AI tuning systems from the openEuler community. A security vulnerability exists in A-Tune before 0.3-0.8: a user who logs in locally can run the curl command to access the local atune URL interface and elevate local privileges or modify any...
Design/Logic Flaw
An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In the case of a standalone VRM or BVMS with VRM installation, this crash also opens the possibility of sending further unauthenticated commands to the service. On some products the interface is only local...
CVE-2021-21534
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API...
Dell Hybrid Client Information Disclosure Vulnerability
Dell Hybrid Client is a software application from Dell USA Inc. It provides client computing software with hybrid cloud management capabilities. An information disclosure vulnerability exists in Dell Hybrid Client versions prior to 1.5, which can be exploited by a local, unauthenticated...
CVE-2018-11315
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a...
Denial of Service Vulnerability in Cisco Aironet
Cisco Aironet 1560 Series Access Points and others are different series of wireless access point devices from Cisco USA. An input validation vulnerability exists in multiple Cisco products, which stems from the program's failure to properly handle malformed or invalid 802.11 association requests...
CVE-2016-1455
Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365...
CVE-2012-0179
Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."...
CVE-2011-0716
The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface...